20 Mar 2013

Hackers target South Korean banks and broadcasters

Officials in South Korea are investigating a suspected cyber attack that shut down two major banks and three TV broadcasters, prompting speculation that North Korea was involved.

Screens went blank promptly at 2pm (5am GMT), with skulls popping up on the screens of some computers – a strong indication that hackers had planted malicious code in South Korean systems, said the state-run Korea Information Security Agency.

Some computers started to get back online more than two hours later.

Police and South Korean officials investigating the shutdown said the cause was not immediately clear. But speculation centered on North Korea, with experts saying a cyber attack orchestrated by the capital Pyongyang was likely to blame.

Officials were keen to say that no government computers were affected. “We sent down teams to all affected sites. We are now assessing the situation,” a police official said. “This incident is pretty massive and will take a few days to collect evidence.”

The suspected hack comes amid increasing threats of attack from Pyongyang in response to UN sanctions for its rocket launch in December and nuclear test in February. The Washington administration also expanded its sanctions against North Korea this month in an attempt to cripple the development of the regime’s nuclear program.

North Korea has threatened revenge for the sanctions and for ongoing routine US/South Korean military drills that it considers invasion preparation.

“Banks, TV newsrooms – the South Korean targets in this cyberattack show that whoever is behind it wants to have an impact in the ‘real world’ and not just cyberspace,” writes Technology Producer Geoff White.

“These targets are known in security circles as critical national infrastructure – the transport, communications and financial systems on which a country relies. Attacking those systems is not a new tactic; the Stuxnet virus famously crippled an Iranian nuclear facility before being discovered in 2010.

“But while Stuxnet lurked in the reactor’s systems for years undetected, it seems the hackers are now happy for their work to be public. In August last year, 30,000 computers at the national oil company of Saudi Arabia were shut down by a cyberattack so aggressive it was bound to get headlines. The hit on South Korea goes one step further – what better way to get publicity than by targeting TV news journalists?”

Computers shut down for hours

At one Starbucks in central Seoul, customers were asked to pay for their coffee in cash, and lines formed outside disabled bank machines as people tried to withdraw money.

The broadcasters KBS and MBC said their computers went down at 2pm, but officials said the shutdown did not affect their daily broadcasts. KBS employees said they watched helplessly as files stored on their computers began disappearing as the computers went into shutdown mode.

Shinhan Bank said its networks were back online by 3.50pm (6.50am), and that banking was back to normal at branches and online.

But computers at KBS and MBC were still down more than three hours after the shutdown began, the news outlets said.

Accusations of cyber attacks on the Korean peninsula are not new. Seoul believes Pyongyang was behind at least two cyberattacks on local companies in 2011 and 2012. The latest network paralysis took place just days after North Korea accused South Korea and the US of staging a cyber attack that shut down its websites for two days last week. The Thai-based internet service provider Loxley Pacific confirmed the outage, but did not say what caused the shutdown in North Korea.

“It’s got to be a hacking attack,” said Lim Jong-in, dean of Korea University’s Graduate School of Information Security. “Such simultaneous shutdowns cannot be caused by technical glitches.”

Some South Korean internet users posted an image of a page they said was seen through services provided by LG UPlus Corp, in which a group calling itself the “Whois Team” took responsibility for the attacks.

But the claim could not be verified, and LG UPlus denied the page’s existence.