select languages
NorthKorea_titleN.K. NewsletterVantagePointlmenu_bottom
latestnewslatestnews RSS
Home > NorthKorea
(News Focus) N. Korea's state-sponsored hackers emerge as global threat
By Park Bo-ram
SEOUL, March 21 (Yonhap) -- The massive hacking attacks targeting major South Korean banks and broadcasters this week have raised the possibility of North Korea masterminding them, with analysts saying the communist country has developed powerful cyber warfare capabilities.

   The Web sites of major broadcasting firms MBC, KBS and YTN, as well as five financial institutions were shut down at around 2 p.m. Wednesday in simultaneous hacking attacks, prompting South Korea to open an urgent investigation.


The South's Korea Communications Commission, the communications regulator, said malicious code was implanted on the computers of the companies, with the hacker's execution of the code leading to the simultaneous shutdown of the computers.

   The commission has yet to pinpoint who was behind the far-reaching attacks, but it said some of the malicious code came from a Chinese Internet Protocol (IP) address, prompting wild speculations from the media and experts that the North may be responsible.

   The North is known to be running a cyber warfare unit, called "No. 121," in which about 3,000 elite hackers break into other computer networks for information and spread computer viruses.

   The country is believed to be training expert hackers in the electronic warfare department of a military technician training center as part of its computer warfare strategies.

   Analysts in Seoul presumed the North has achieved high-level hacking skills as a means of provocations against the outside world.

   Gen. James Thurman, the commander of Combined Forces Command, also said in a speech in Washington last year that the North's cyber warfare capacities are "significant."

   Backing the speculations, a high-ranking presidential office official said Thursday that the office is "thoroughly tracking and analyzing every possibility upon the strong suspicion that North Korea has done it." The official, however, did not say why he suspects the country.

   The South Korean government previously had forecast possible provocations including cyber terrorism during the South's joint military drill Key Resolve with the U.S. The war maneuver ended its 11-run on Thursday.

   The North has repeatedly threatened to launch nuclear attacks against the U.S. and the South, accusing them of conducting a rehearsal for invading North Korea.

   The three attacked broadcasters also matched the list of South Korean media firms North Korea denounced last year as right-wing press responsible for what the country said was manipulation of South Korea's public opinion, a clue which further fueled the speculations about North Korea's involvement.

   The North listed KBS, MBC, YTN and the Donga llbo daily as targets of their attack in a statement issued on April 23 last year.

   Previously, North Korea has launched six massive cyber attacks on major South Korean Web sites since 2008, according to the National Intelligence Service Thursday.

   About 73,030 hacking attacks targeted the Web sites of South Korean public institutions from 2008 to 2012, the spy agency said in a report to the parliament. Six out of the total are attributable to North Korea, according to the South Korean gency.

   A government official said the series of North Korean hacking attacks first started in 2008 when the country shut down about 400 computers at the presidential government transition office of Lee Myung-bak.

   In July 2009, the Web sites of the presidential office, the National Assembly and other government institutions were again paralyzed in a so-called distributed denial-of-service, or DDoS, attack.


In 2011, the country launched two more massive hacking attacks, first paralyzing the Web sites of about 40 public and financial institutions including the presidential office in March and again shutting down the Web site of NongHyup, or the National Agricultural Cooperatives Federation. The next year, the Web site of JoongAng Ilbo, a major newspaper, was attacked.

   Citing the same modes used in facilitating overseas proxy Internet servers and writing the malicious code, South Korean authorities blamed the North for those cyber attacks.

   Last week, North Korea raised accusations against "hostile forces" of inflicting virus attacks on North Korean Internet servers after a Russian news agency said several North Korean Web sites had been shut down in hacking attacks. South Korean analysts said the latest attacks on South Korea may potentially be a counter-attack by North Korea in response to what they considered hacking provocations initiated by South Korea. However, many North Korea watchers suspect the North's network trouble may have been a ruse.

   South Korea's defense ministry said in August last year that the country will increase its cyber terror workforce by two-fold to 1,000 in order to better deal with potential cyber attacks by the North.