South Korea is investigating the latest high-technology assault against it. The attack targeted government computers and users of the GPS navigation system. It came as South Korea and the United States hold an annual military exercise that North Korea calls a prelude to an invasion.
Fifteen million South Koreans logging online Monday received an alert from the country’s Internet Security Agency. It instructed them to download a vaccine program to thwart a foreign online attack against Web sites of key government agencies and financial institutions.
Officials Monday said the government is trying to figure out who ordered the attack on the Internet sites last Friday and Saturday. Targets included the presidential Blue House, the Ministry of Foreign Affairs and Trade, the National Intelligence Service, South Korean military headquarters, the U.S. military forces in the country and several other agencies.
They were hit by what is known as a distributed denial of service attack. It was done by overloading targeted sites with Web page requests from about 80,000 personal computers infected with malicious software.
Suspicion as to who masterminded the attack falls on North Korea. But Park Kun-woo, a spokesman at Ahn Lab, a leading South Korean maker of security software, says there is no clear evidence Pyongyang orchestrated this one.
Park says nothing is certain at this point because malicious computer hackers tend to disguise themselves in various ways. It is clear, he says, however the attack did not originate in South Korea and was dispersed via a number of countries.
The National Police Agency says the attacks were routed through computer servers in numerous places, including Brazil, Hong Kong, India, Iran, Israel, Japan, Russia, Taiwan and Thailand.
Internet security companies say, as of Monday, more than 100 of the so-called zombie computers that were used to carry out the online attack have seen the contents of their hard drives erased by the malware that the computer owners unsuspectingly downloaded.
This incident did not last as long as a similar disruption over five days in July 2009, but it targeted more Web sites. Officials have said the 2009 attack was traced to an Internet protocol address in China used by North Korea’s Ministry of Posts and Telecommunications.
Other attacks also have been traced to China.
Experts say North Korea has an Internet warfare unit that targets South Korean and American military networks.
Also Monday, the South Korea Communications Commission confirmed that interference to Global Position System signals on Friday came from a location in North Korea that was pinpointed as the source of a similar disruption last August.
The incident reportedly affected GPS receivers in military equipment and mobile phones as far south as Seoul. It also took place, as was the case last August, while a military exercise with the United States was under way here.
The U.S. military command in the country is not confirming whether the GPS jamming disrupted the exercise. A spokesman says as a matter of policy, the command does not comment on intelligence matters.
The Yonhap news agency quotes a South Korean defense official saying the GPS disruption did have a slight effect on military artillery units.