Cyberattack rocks South Korea

SEOUL — Most people assumed it was just another irritating computer glitch. But no amount of impatient clicks on the refresh button or rebooting could fix this problem. Only later did many learn that they'd witnessed one of the largest South Korean cyberattacks, which crashed the websites of dozens of government offices, banks and portals, among others, in South Korea and the U.S.

The attack — orchestrated by unknown forces — was a chill-inducing reminder of just how vulnerable the country, which boasts of being the most wired in the world, can be. People suddenly found themselves stuck in line at banks, trapped with dysfunctional email accounts, unable to find information online, and worried about possible future attacks. There's been much finger-pointing, with questions about whether the government responded adequately.

For tech-savvy South Koreans, who spend an average of two hours a day on the web, the dark sides of technological advancement are not new. The country funds a counseling center to prevent addiction and help those in need.

Experts are saying that South Korea must learn a lesson from this unprecedented cyber sabotage.

The attacks — labeled the “7.7 cyber terror” by the media due to the first date on which it occurred — differed from previous incidents, which were mainly smaller in scale and designed to steal private information from companies or request money from websites by jamming their web pages.

The strikes were carried out on three separate dates through a DDoS attack — short for "distributed denial of service" — which utilized tens of thousands of personal computers that had been exposed to a malicious code spread through certain websites. The infiltrated computers, called “Zombie PCs,” were ordered to access designated websites tens or hundreds of times per second, causing the web pages to crawl or crash. Users of the computers were unaware their machines were being used as tools of the attack.

Shortly after the first strike, the government activated an emergency cyber-terror response team, which has so far tracked down and cut off access to five host sites containing the malicious code and 86 websites that downloaded the code, according to South Korea’s Yonhap News Agency.

The cyber sabotage also differs from past attacks in that it not only targeted, but also included an advanced destruction function. The investigation team discovered Zombie PCs were timed to self-destruct their hard-drives at midnight on July 10, possibly to hinder efforts to track down the origin of the attack.

South Koreans woke up to alerts sent out through the media to boot their computers Friday morning under "safe mode," and to set their clocks back a month before downloading a free anti-virus program distributed through computer security companies. The country’s leading anti-virus provider Ahn Lab recorded 200,000 downloads of its security program and 100,000 of its vaccine program created specifically for the 7.7 attack, according to Yonhap. Only 96 computers are said to have been wiped out from the malicious code as of Friday afternoon and there's no sign yet of a fourth attack, the agency reported.

“The message from this attack is that we need to better ready ourselves,” said Kim Kwang-jo, a professor at Korea Advanced Institute of Science and Technology. Kim, who specializes in cryptography and information security, said it is a wakeup call not only to the government, but also to individual users who were not equipped with anti-virus programs.

“Since their computers were used as zombies, they need to understand that their wrongdoings are not simply harming their own machines, but (are) causing damage to others as well,” Kim said. He warns that cyber sabotages may not disappear. In the past, if research was geared towards finding out how to get more people online and distribute information at a fast pace, it now needs to shift to the issue of security, he said.

The police have yet to determine who masterminded the major attack. Media reports, citing unnamed officials, pointed to the possibility of Pyongyang’s involvement, but such evidence has not yet emerged. The idea, however, is a source of discomfort to people on the streets of Seoul.

“If North Korea is really behind this, it’s scary since we’re still technically at war,” said Jung Hye-mi, a 20-year-old university student. Jung said she finds the idea of a cyberattack more disturbing than North Korea firing missiles into the ocean. “The missile stuff just goes away once it’s over, but I think cyber war is something that will affect me more directly,” she said.

Another frequent user of the internet, Cho Gyu-ja, 60, agreed that the attack was a major obstacle to those who rely on the internet for their work. “Even at my age I could feel it,” said Cho, who surfs the internet for information on a regular basis. “There’s always something bad that follows good technological developments. I guess what we need to do now is improve our technology again,” she said.

Read more on South Korea:

Need a protest? Call Park Chan-sung.

To die with dignity in South Korea

For North Korea captives, two different stories