SEOUL, April 11 (Yonhap) -- A technical blunder by a hacker appears to have reinforced what South Korea has long suspected: North Korea has been behind several hacking attacks on South Korea in recent years.
The unidentified hacker accessed South Korean routes on Feb. 22 via an Internet Protocol (IP) address, just weeks before the massive hacking attack that paralyzed networks of South Korean financial firms and broadcasters.
The hacker exposed the IP address (175.45.178.xx) for up to several minutes due to technical problems in a communication network, giving South Korea a rare clue into tracing the origin of the hacking attack that took place on March 20, according to South Korean officials.
The IP address, the online equivalent of a street address or a phone number, is registered in Ryugyong-dong in Pyongyang, the capital of North Korea, according to the state-run Korea Internet & Security Agency.
Still, the IP address is registered under the name of Star Joint Venture, a company set up between the North Korean government and Thailand's Loxley Pacific Company Ltd.
Repeated calls to Loxley Pacific Company in Bangkok seeking comment went unanswered on Thursday.
Star Joint Venture, which provides limited Internet access for the isolated country, also did not respond to an email seeking comment on its alleged involvement in the March 20 hacking attack.
The IP address in question served as key evidence that the North orchestrated the hacking attacks that paralyzed three major South Korean banks -- Shinhan, NongHyup and Jeju -- and their insurance affiliates as well as three television stations -- KBS, MBC and YTN.
South Korea said North Korean computers were used in distributing malware, or malicious software, by accessing networks of South Korean financial firms 1,590 times since June last year. On 13 occasions, the North Korean IP address was exposed.
The rare evidence left behind by the hacker offered an intelligence windfall to the South Korean government, which has been striving for years to prove that Pyongyang is also responsible for a spate of hacking attacks on South Korea in recent years.
Kim Seung-joo, a professor at the Graduate School of Information Security at Korea University, said that the accidental exposure of the IP address is very fortunate for South Korea and that there is almost no possibility that the hacker forged the IP address when the North launched the attack.
"The North Korean IP address made it clear that the North is behind not only the latest hacking but also previous hacking attacks," said Kim.
South Korea said there is only a remote chance that a hacker could have fabricated the IP address, as the latest cyberattack was carried out in a way that required the hacker to receive a reply after launching the attack.
In comparison, hackers can forge IP addresses when they launch distributed denial-of-service attacks that can disrupt targeted Web sites, according to the government.
Asked whether the IP address could be seen as smoking-gun evidence of the North's involvement, Jim Dorschner, a former U.S. military intelligence officer, said "very likely, but given the nature of cyberattacks, North Korea retains deniability by claiming they had nothing to do with it, if they wish to."
Dorschner made the comment in a text message to Yonhap News Agency during IHS Jane's online intelligence briefing on North Korea.
Lee Seung-won, a government official handling the latest hacking issue, said Wednesday that an analysis of cyber terror access logs, malware and North Korean intelligence showed that the attack methods were similar to those used by the North's Reconnaissance General Bureau, which has led hacking attacks against South Korea.
Of the 76 pieces of malicious code used in the attacks, there were 18 bits of code exclusively used by North Korean hackers that had been used in previous hacking attempts, according to Chun Kil-soo, the head of the Korea Internet Security Center at the state-run Korea Internet & Security Agency.
The latest hacking attack also showed that the North used South Korea, the United States and eight other foreign countries as routing points in what could be an apparent attempt to disguise its identity.
South Korean officials said that out of the 49 infiltration routes detected, including 25 local and 24 overseas routes, 22 were IP addresses that the North has used since 2009 to launch hacking attacks on Seoul.
In the past, the North carried out cyberattacks on South Korea via Chinese IP addresses.
In 2009, North Korea used 435 different servers in 61 countries to carry out a distributed denial-of-service attack against South Korean government Internet sites, in the first major case of cyber terrorism.
Still, a police officer in charge of cyber terrorism remained cautious in pinning the blame on the North over the latest hacking attack.
"A police investigation is still under way in cooperation with (related agencies in foreign countries)," the officer said. He declined to elaborate on international cooperation and asked not to be identified, citing the issue's sensitivity.