NORTH KOREA NEWSLETTER NO. 63 (July 16, 2009) |
*** TOPIC OF THE WEEK (Part 1)
After Cyber Attacks, Finger-pointing at N. Korea Stirs Controversy
SEOUL (Yonhap) -- Though the attacks seem to be over, controversy continues to linger over accusations that North Korea was behind a string of cyber assaults on major Web sites in South Korea and the U.S. last week.
Lawmakers here were divided after National Intelligence Service officials first told them they had solid evidence indicating Pyongyang orchestrated the attacks but then backed away from that claim.
"A thorough investigation is under way to find concrete evidence that the North is responsible for the attacks," the spy agency later said in a statement.
The ruling Grand National Party has continued to support the finding, while the main opposition Democratic Party blasted the agency for drawing hasty conclusions on circumstantial evidence.
Park Young-sun of the Democratic Party said, "The NIS still suspects North Korea or pro-North Korean forces are behind the attacks," but added the spy agency provided no clear evidence of its suspicion.
The distributed denial-of-service (DDoS) attacks were first noticed on the evening of July 7, and disrupted access to dozens of government and private Web sites, including that of the presidential office. By July 11, all the sites were back up and running normally, officials said.
In a DDoS attack, a hacker orders a network of infected computers to simultaneously send information to a Web server, causing normal traffic to slow to a crawl or the site to crash completely.
Earlier, the NIS was quoted as reporting to the National Assembly that it had obtained a North Korean document ordering a cyber warfare unit to "destroy" South Korea's communication networks. The spy agency said in a closed-door briefing for lawmakers that a research center called "Number 110" under the wing of the General Staff of the Korean People's Army seems to have engaged the attacks.
The intelligence agency also mentioned the presence of North Korean agents in Beijing and Shenyang in China, saying they have set up overseas bases for cyber terrorism, parliamentary committee members said.
The spy agency said one reason for suspecting the North was its response to South Korea's plan to take part in a U.S.-led drill against cyber attacks. The North's Committee for the Peaceful Reunification of Korea said last month following Seoul's announcement that Pyongyang was "fully ready for any form of high-tech war."
Hwang Cheol-jeung, director of the network policy bureau at the Korea Communications Commission in Seoul, said at a press briefing July 11 that North Korea has not been designated an IP (Internet protocol) address by the Internet Corporation for Assigned Names and Numbers -- an international agency that coordinates unique Internet addresses around the world.
That means it would impossible for the hackers' IP addresses to reflect a physical location in North Korea, Hwang said. "Hackers always cover their tracks, anyway," he added.
Hwang later qualified his remarks by saying he didn't completely rule out the possibility that North Korea is the culprit. "North Korea doesn't have its own IP address, but it could still borrow another country's IP," he said. "One can assume the North could have done that to carry out these attacks."
In an effort to stem the threat, the commission blocked five Internet addresses that were found to have distributed the virus used in the cyber assaults.
Although no attempts to infiltrate government or private servers were detected, malicious code likely infected at least 50,000 personal computers nationwide, according to Internet security specialists.
South Korean authorities were busy analyzing a number "zombie" computers that played a part in the attack.
Police are trying to determine the origin of the malicious code by going through the Web sites users visited. An official with the Cyber Terror Response Center at the National Police Agency said there was no concrete evidence yet that North Korea was responsible.
The attacks have demonstrated the loopholes in the country's Internet security as well as tarnished its image as a global information technology powerhouse, analysts say.
South Korea boasts the world's highest percentage of computers with high-speed Internet connections.
Meanwhile, on July 12, an intelligence source said North Korea has stolen the personal information of at least 1.65 million South Koreans since 2004.
North Korean hackers have mainly targeted retired military officials, security-related research centers and university alumni associations in gathering such information, the source told Yonhap, adding that if suspected cases were included the figure could be as much as 2 million.