An apparently sophisticated and coordinated cyber attack has caused widespread disruption to computer networks at three of South Korea’s largest broadcasters and two of the country’s banks.
The attack first showed itself at 2pm on Wednesday when computers at KBS, MBC and YTN shut down. Upon restarting, the computers displayed error messages saying they were unable to boot. Apparently the boot record or entire operating system has been removed from the computers.
KBS broadcast images of computers in its offices showing an error screen and one KBS employee posted a picture of his laptop screen on Twitter.
ATMs and online banking services at Shinhan and Nonghyup Banks are also reported to have failed, and Internet service provider LG Uplus also said its service was affected, according to a report on MBN.
South Korea’s Blue House said it had assembled a team to urgently investigate the problem.
As with any major cyber attack in South Korea, suspicion has quickly fallen north of the border to Pyongyang.
The suspicion is especially strong since Wednesday’s trouble comes less than a week after two days of disruption to North Korean Internet sites. The North Korean sites became unavailable last Thursday and remained difficult or impossible to access until late Friday.
Renesys, which specializes in network analysis, said this week the cause of the problem was almost certainly on North Korea’s internal network, but it was difficult to say whether it was caused by an attack or something less sinister, like a power failure or configuration error.
Loxley Pacific, the Thai company that operates the connection, told The Associated Press it was investigating an attack, and KCNA blamed the outage on a cyber attack carried out by the U.S. and its allies.
“Intensive and persistent virus attacks are being made every day on internet servers operated by the DPRK. These cannot be construed otherwise than despicable and base acts of the hostile forces consternated by the toughest measures taken by the DPRK after launching an all-out action,” KCNA said.
North Korea has been blamed for several previous cyber attacks on South Korean Internet sites and computer networks, including a series of coordinated attacks against government and bank web sites in 2009 and 2011.
A report into the 2011 attacks by U.S. security company McAfee found North Korea or parties closely tied to the country were almost certainly behind the attacks, although it stopped just short of directly accusing the country. Many cyber attacks are sophisticated enough to disguise their source, so even if a source is thought to be identified it could be incorrect.
A big difference between those attacks and what appears to have happened on Wednesday is the impact on PCs. The 2009 and 2011 actions were distributed denial of service attacks, often abbreviated to DDoS, which involve sending massive amounts of traffic to web sites so they become overloaded and cannot handle legitimate traffic. They rarely do any lasting damage.