Washington Times on March 20, 2013, reported that hackers hit South Korea’s top banks and TV broadcasters Wednesday in a sophisticated online attack that crashed computer networks, knocked bank websites offline and shut down ATMs for several hours — prompting widespread speculation that North Korea had launched a cyberattack. Excerpts below:
Although ATMs were back online within a few hours and none of the broadcasters was knocked off the air, the attack highlights the vulnerability of computer networks — and the ability of attackers to strike anonymously and without warning.
The cyberattack, the largest against South Korea in at least two years, came amid rising tensions on the Korean Peninsula and just days after North Korea had accused the United States and its South Korean allies of knocking several of Pyongyang’s websites offline last week.
Although the finger of suspicion pointed almost automatically at Pyongyang, one computer security specialist said there are clues in the malicious software, or “malware,” that point elsewhere.
“The attack probably originates in China,” said Jaromir Horejsi, a security specialist with the software company Avast, based in Prague. He cited Chinese terms used in the coding and the location of servers from which the malicious software downloaded instructions.
But clever hackers can leave so-called “false flag” indicators in coding and employ third-party computer systems to misdirect suspicion.
Employees at the affected broadcasters reported that their computer screens went blank and could not be reactivated, according to the BBC.
“The attacks are a warning signal for the financial services industry here in the United States,” Ira Victor, a digital forensic analyst with Data Clone Labs, told The Washington Times.
“Many [U.S.] banks use the same technologies and strategic approach to data security” as the South Korean ones that had been attacked, he said. “This is like trying to fight today’s war with yesterday’s weapons: it is destined to fail almost every time.”
Al Pascual, an analyst with Javelin Strategy & Research, told American Banker magazine: “The issue with the South Korean bank hack that should really grab everyone’s attention is that complete bank networks were infected, which resulted in outages of online banking portals, ATMs and internal bank systems.”
A similar attack on U.S. banks “would have a deleterious effect on consumer confidence as it would limit customer access to account functions online, while also keeping them from withdrawing their funds as cash,” Mr. Pascual said.
According to South Korea’s Yonhap news agency, three broadcasters, three banks and two insurance companies told the National Police Agency in Seoul that their computer networks crashed around 2 pm local time. The broadcasters were identified as the Munhwa Broadcasting Corp., the Korea Broadcasting System and YTN television news; and the banks as Shinhan Bank, Nonghyup Bank and Jeju Bank. The insurance firms were not identified.
The communications commission raised the national cyberalert level up to the middle notch in a five-notch scale, concerned about the possibility of more attacks.
The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defense Ministry said.
No government computers were affected, officials said. President Park Geun-hye called for quick efforts to get systems back online, according to her spokeswoman, Kim Haing.
North Korea has threatened revenge for the sanctions and for ongoing U.S.-South Korean military drills, which the allies describe as routine but which Pyongyang says are rehearsals for invasion.