AFP -- This week's cyber attacks on South Korea are believed to have
been mounted from 16 different countries but North Korea was not among
them, Seoul's spy agency was quoted as saying Friday.
The National Intelligence Service (NIS) told legislators the
attacks were tracked to 86 Internet protocol addresses from 16
countries including the United States, Japan, China and Guatemala, the
The lawmakers, quoting information from the NIS given in a closed briefing, said North Korea was not among the 16 countries.
"The NIS suspects North Korea or its sympathisers are behind the
attacks but it says it cannot be sure until the ongoing probe is
completed," Park Young-Sun, a lawmaker of the opposition Democratic
Party, told journalists.
The agency based its suspicion on a statement issued by Pyongyang
last month warning of cyber warfare and the fact that many of the
targets were websites operated by conservatives, the lawmakers said.
The North's Committee for the Peaceful Reunification of Korea,
lambasting Seoul over its plan to participate in the US-led exercise
"Cyber Storm," said on June 27 that Pyongyang was "fully ready for any
form of high-tech war."
Cyber Storm is a drill against cyber attacks.
A third wave of cyber attacks hit South Korea on Thursday evening,
blocking or impeding access to at least seven Web sites operated by the
country's largest lender Kookmin Bank, government and media
Several Seoul-based portal sites also reported that their mail services underwent temporary access disruptions.
"The volume of attacks in a third round of cyber attacks was small
and the impact was rather meagre," Park Cheol-Soon, a senior official
of the Korea Communications Commission (KCC), told AFP.
Many users whose computers had been hijacked for attacks had vaccine programmes downloaded on their machines, he added.
The US State Department said its website also came under attack for
a fourth day Thursday. The White House and Pentagon websites were among
US government entities targeted earlier this week.
Hackers have planted viruses in thousands of personal computers in South Korea and overseas.
The so-called distributed denial of service (DDoS) attack involves
computers being programmed to swamp certain US and South Korean
websites at selected times.
The attack used an army of malware-infected computers known as a
"botnet" in a bid to paralyse US and South Korean websites by
overwhelming them with traffic.
US experts were divided on whether the communist state was behind
the ongoing attacks, an assault that highlighted the vulnerabilities of
"I don't think it was North Korea, but there's really no proof
either way," said Johannes Ullrich, chief technology officer for the
SANS Institute's Internet Storm Center, which monitors cyber threats.
"The way this particular malware was written it looks like one guy
wrote it in his basement over a weekend," he said. "But maybe that's
what North Korea's cyberwarfare unit looks like."
"It could be anybody," he continued. "It could be a South Korean.
It could be a Chinese, whoever had motivation and the tools to do it.
There's really nothing that points to a nation state."
Joe Stewart, director of the counter-threat unit at SecureWorks,
agreed, telling Computerworld "it looks like every other 'bot' (botnet)
I see created by an intermediate programmer."
Around a dozen websites in the United States and another dozen in
South Korea were among those targeted in the attack, which began on
Spokesman Ian Kelly said the State Department's website, state.gov,
continued to come under attack on Thursday but not in "high volume".
He said Thursday he had "no information" about any North Korean involvement.