SEOUL, South Korea - Computer networks running three major South Korean banks and two of the country’s largest broadcasters were paralyzed Wednesday in attacks that some experts suspected originated in North Korea, underscoring the North’s threat to cripple its far richer neighbor.
The attacks, which left many South Koreans unable to withdraw money from ATMs and news-broadcasting crews staring at blank computer screens, happened as the North’s official Korean Central News Agency quoted the country’s leader, Kim Jong Un, as threatening to destroy government installations in the South, along with U.S. bases in the Pacific.
Though U.S. officials dismissed those threats, they also noted that the facilities hit by the virus had been cited by the North before as potential targets.
The attacks, which occurred as U.S. and South Korean military forces were conducting major exercises, were not as sophisticated as some from China that have struck U.S. computers, and certainly less sophisticated than the U.S. and Israeli cyber-attack on Iran’s nuclear facilities. But it was far more complex than a “denial of service” attack that simply overwhelms a computer system with a flood of data.
The malware, called Dark-Seoul in the computer world, was first identified about a year ago. It is intended to evade some of South Korea’s most popular anti-virus products and to render computers unusable. In Wednesday’s strikes, the attackers made no effort to disguise the malware, leading some to question whether it came from a state sponsor - which tends to be more stealthy - or whether officials or hackers in North Korea were sending a specific, clear message: that they can reach into Seoul’s economic heart without blowing up South Korean warships or shelling South Korean islands.
North Korea has been accused of using both of those techniques in attacks over the past three years.
The South Korean government cautioned that it was still too early to point the finger at the North, which has been threatening “pre-emptive nuclear attacks” and other, unspecified actions against its southern neighbor for conducting the military exercises with the U.S. this month and for supporting new American-led United Nations sanctions against the North.
”We cannot rule out the possibility of North Korean involvement, but we don’t want to jump to a conclusion,” said Kim Min-seok, a spokesman for the Defense Ministry.
The military raised its alert against cyber-attacks, he added, and the Korea Communications Commission asked government agencies and businesses to triple the number of monitors for possible hacking attacks. South Korea’s new president, Park Geun-hye, instructed a civilian-government task force to investigate the disruptions.
It could take months to determine where the attacks came from, and sometimes investigators never come to a firm conclusion. In 2009, a similar campaign of coordinated cyber-attacks over the Fourth of July holiday hit 27 U.S. and South Korean websites, including South Korea’s presidential palace, called the Blue House; its Defense Ministry; and websites belonging to the U.S. Treasury Department, the Secret Service and the Federal Trade Commission.
But those were all “distributed denial of service” attacks in which attackers flood the sites with traffic until they fall offline. While many suspected North Korea, a clear link to the country was never established.
In testimony to Congress last year, Gen. James Thurman, the U.S. commander in South Korea, described what he called North Korea’s “growing cyber-warfare capability.”
But security researchers and foreign-policy experts have said North Korea faces significant hurdles. “They simply don’t have access to the same technology due to sanctions, consistent electricity,” said Michael Sutton, the head of threat research at Zscaler, a security company. “And a large portion of their population does not have ready access to the Internet so they don’t have that natural pool of talent to recruit from.”
In Seoul, many analysts suspect North Korean hackers honed their skills in China and were operating there. But there has never been any evidence to back up some analysts’speculation that they were collaborating with their Chinese counterparts. At a hacking conference in Seoul last year, Sutton said there were a handful of hackers from China “who were clearly very skilled, knowledgeable and were intouch with their counterparts and familiar with the scene in North Korea.”
Adam Segal, a senior fellow who specializes in China and cyber-conflict at the Council on Foreign Relations, said, “I’ve never seen any real evidence that points to any exchanges between China and North Korea.”
Lee Seong-won, an official at the Korea Communications Commission, said Wednesday that the malicious code, once activated, disrupted the booting of computers. “It will take time for us to find out the identity and motive of those who were behind this attack,” Lee said.
The government investigators were also checking whether the images of skulls that reportedly popped up on some computer screens had anything to do with the virus attack.
Information for this article was contributed by Nicole Perlroth and David E. Sanger of The New York Times.
Front Section, Pages 6 on 03/21/2013