SEOUL, March 20 (Yonhap) -- Wednesday's massive computer network failures at several major South Korean TV stations and banks were caused by malicious code from unknown hackers, but no evidence was found to blame it on North Korea, officials said.
Government investigators warned of a possible second attack, disclosing that a suspicious message was identified in the malicious code that caused the attacks.
Three broadcasters (KBS, MBC and YTN), three banks (Shinhan, Nonghyup and Jeju) and two insurance firms reported to the National Police Agency (NPA) that their computer networks were entirely halted around 2 p.m. for unknown reasons, police said. Woori Bank, a leading lender in Seoul, also came under an apparent hacking attack at the same time but managed to defend its computer networks through an internal system.
Hours later, the Korea Communications Commission (KCC), South Korea's communications watchdog, said hacking of unknown origin is suspected to be behind the massive network failures, raising the cyber alert level to the third notch on a five-notch scale amid the possibility of additional hacking attempts.
"After analyzing malicious codes from related institutions, it is believed the code spread through patch management system (PMS)," an official from the KCC said.
However, the KCC added that the point of origin of the malicious code is still unidentified. PMS refers to technology solutions that can automatically update and install software and operating systems.
"If it is confirmed that the attack was conducted through PMS, the communications network can be presumed to be intact," the official added.
"Reports have been made simultaneously so we have dispatched investigators to the scene," a police officer handling cyber-terrorism at the NPA said, adding that officers will review all possibilities, including a cyber attack.
President Park Geun-hye instructed her office to first quickly restore the networks and then determine the exact cause of the paralysis as well as ways to tackle it, presidential spokeswoman Kim Haing said in a press briefing.
Park was briefed about the incident about 10 minutes after it took place by her top security adviser Kim Jang-soo, according to the spokeswoman. Kim has been named to head the national security office at the presidential office Cheong Wa Dae.
A joint response team comprising civilians and government and military officials is handling the issue along with Cheong Wa Dae's national security office and offices of relevant senior presidential secretaries, she added.
A key presidential official said that it has not yet been determined whether North Korea was involved in the incident.
Tensions on the Korean Peninsula have been running high in recent weeks as North Korea made repeated war threats in anger over ongoing joint military exercises between South Korea and the United States as well as a new U.N. Security Council resolution over its third nuclear test.
South Korea has accused North Korea of carrying out a series of cyber attacks on the web sites of government agencies and financial institutions over the past few years, though the North denied the allegations.
In June 2012, the JoongAng Ilbo, one of the country's major conservative media outlets, came under a cyber attack that crippled its server and Web site. The NPA later determined that North Korea was responsible for the attack.
Nonghyup's computer networks also crashed in September 2010 apparently under attack from the North, according to prosecutors and police.
South Korea's military said it has upgraded its information surveillance status by one notch. The defense ministry said its computer network was operating normally as of late Wednesday afternoon.
The National Computing and Information Agency (NCIA), which oversees all the computer networks of government organizations, said its system was working normally without any errors.
"There was no abnormality detected at the computer networks of each administrative agency and local government," an official at the NCIA said, adding that the intranet and Internet were operating normally.
The networks at the broadcasters were still down as of late Wednesday afternoon, according to officials at the affected networks, who added that broadcasts were still on air.
"The computer network has been paralyzed since 2 p.m. and we cannot do any business," an official of public broadcaster KBS said.
Another official, from the cable broadcaster YTN, said not only the computer network but also editing equipment for the broadcasting system has been paralyzed.
"We are figuring out the exact cause and it is expected to affect the broadcast," the official added.
Meanwhile, the two banks -- Shinhan and Nonghyup -- said they will extend their business hours until 6 p.m.
Shinhan Bank said it has suffered from disruptions to its computer network since around 2:14 p.m., which slowed down business at each branch. The bank said that other services such as Internet banking, mobile banking via smart phones, and automated teller machines have also been affected.
Nonghyup Bank said its telecommunications network suffered a disruption at several branches but other services were operating normally.
Meanwhile, a suspicious message was identified in the malicious code which attacked local broadcasters and banks, a local software firm said Wednesday, raising concerns over a second attack.
According to INCA Internet Co., a local security software developer, two words -- "PRINCPES" and "HASTATI" -- were inscribed in the damaged computers' master boot record, which holds general information about their systems.
"Princpes" means "first" in Latin, and "hastati" refers to soldiers standing at the first battle line, which could be an indication that the hackers may attempt another attack on local financial firms and broadcasters.
<All rights reserved by Yonhap News Agency>