Go to Contents Go to Navigation

(LEAD) Watchdog traces hacker IP to local computer

All Headlines 16:27 March 22, 2013

(ATTN: UPDATES with details throughout; CORRECTS date in lead)

SEOUL, March 22 (Yonhap) -- Some of the malicious code that paralyzed network systems at South Korean banks and TV broadcasters originated from a local computer, Seoul's communications watchdog said Friday.

Local TV broadcasters KBS, MBC and YTN along with Shinhan, NongHyup and Jeju banks suffered a massive network failure on Wednesday that halted financial services and crippled operations.

In a press release, the Korea Communications Commission (KCC) said it had mistaken a private Internet Protocol (IP) address used by NongHyup as an IP address allocated to China. The International Corporation for Assigned Names and Numbers (ICANN) allocates official IP address ranges by country.

The announcement comes a day after the KCC said a Chinese IP address ( accessed NongHyup's update management server and generated malicious files, fueling speculations over North Korea's involvement.

The watchdog said the National Police Agency has confiscated the hard disk of the suspected computer for a further investigation but did not elaborate on the attacker.

The KCC also said it is in the process of a "multilateral" probe to track down "all possible infiltration routes."

A spokesman at NongHyup said the bank is looking into the issue without further details.

Meanwhile, the KCC said Shinhan Bank and Jeju Bank have completely recovered their networks, while NongHyup is still in the process of normalizing its system.

The three affected TV broadcasters KBS, MBC and YTN have recovered roughly 10 percent of their attacked systems, the watchdog said, adding that no further damage has been detected.

The KCC's earlier announcement on the China link has fueled suspicions that Pyongyang masterminded the cyber attack amid heightening tension between the two Koreas.

South Korea has accused North Korea of carrying out a series of cyber attacks on the Web sites of government agencies and financial institutions over the past few years, though the North has denied the allegations.

In June 2012, the JoongAng Ilbo, one of the country's major conservative media outlets, came under a cyber attack that crippled its server and Web site. The National Police Agency later determined that North Korea was responsible for the attack.

NongHyup's computer network also crashed in September 2010 apparently from an attack by the North, according to prosecutors and the police.



Send Feedback
How can we improve?
Thanks for your feedback!