updated: 7/5/2011 9:34 AM

Analysis blames NKorea for cyberattack on SKorea

Associated Press

WASHINGTON -- North Korea or its sympathizers were responsible for the cyberattack against South Korean government and banking websites earlier this year, according to a new analysis that said it also appears to have been linked to the 2009 massive computer-based attack that brought down U.S. government Internet sites.

A study by computer security software maker McAfee Inc. concludes that the attack that targeted more than two dozen sites in South Korea was a type of reconnaissance mission to see how quickly South Korea's government detected the problem and recovered from it. The McAfee report, expected to be released Tuesday, said clues in the code suggest that the attack was probably engineered by North Korea or its sympathizers.

It is difficult to tell exactly who was responsible for the attacks, said Dmitri Alperovitch, vice president of threat research at computer-security software maker McAfee Inc., in an interview with The Associated Press. But he said a detailed study of the attack and the computer code used in the 2009 and 2011 attacks shows with 95 percent certainty that they were done by the same perpetrator.

South Korean prosecutors said North Korean hackers were behind the so-called denial-of-service attack early this spring, but the North's Ministry of the People's Armed Forces denied it.

A denial-of-service attack, which floods a website's servers with enormous amounts of webpage requests, is a popular and easily perpetrated hacking activity.

But according to McAfee's analysis, the attack earlier this year was more sophisticated than usual, using layers of encryption to prevent detection and destruction. And in a highly unusual move, it was set to last for just 10 days. Then the malware in the network of infected computers -- called a botnet -- was designed to self-destruct.

Generally hackers or criminals want to keep the infected computers available so they can scour them for passwords, financial information or other data that can be used to steal money or important secrets.

The short duration of the attack, coupled with the sophisticated layers of protection, suggests there were political, rather than criminal motivations, Alperovitch said.

It was, he said, like "bringing a Lamborghini to a go-cart race."

The 2009 attack -- which began on July 4 -- included some of the same computer codes as this year's attack and was also routed through machines in South Korea. It hit more than a dozen of the same websites. There were no sites in America targeted in this year's attack, but several websites of U.S. military bases in South Korea were hit.

U.S. authorities initially said there were indications that the 2009 attack originated in North Korea, but later some said they had ruled that out. One problem is that much of North Korea's Internet connectivity runs through China or Japan, making it difficult to trace.

The analysis, said Alperovitch, underscores the growth of cyber as a battlefield, and shows that countries are testing each other to evaluate how well they can withstand a cyberattack.

U.S. officials have warned that the next major assault against America could be a cyberattack that could target critical infrastructure such as financial systems, the electrical grid or power plants. And they've acknowledged that computer-based attacks will likely be part of any new conflicts, possibly as a first strike that opens the door for a bombing or other kinetic attack.