Cyber attacks blamed on telecom ministry in North
October 31, 2009

South Korea¡¯s intelligence body has identified the North Korean government ministry on telecommunications as the culprit behind the cyber attacks that paralyzed Web sites in South Korea and the United States in July, lawmakers said late Thursday.

Multiple members of the National Assembly¡¯s standing committee on intelligence told the JoongAng Ilbo that the National Intelligence Service had earlier in the day named the Ministry of Posts and Telecommunications in Pyongyang as the origin of the distributed denial of service, or DDoS, attack. Won Sei-hoon, head of the National Intelligence Service, made this assessment during the National Assembly audit of the intelligence agency Thursday.

According to the intelligence committee members, Won said in a closed-door session that the intelligence authorities¡¯ investigation into the roots of the DDoS attacks discovered an IP address belonging to the North Korean ministry. Won also reportedly said the ministry was borrowing a line from China.

North Korea had been suspected as a possible perpetrator of the cyber attacks. The National Intelligence Service on July 10, three days after the first round of attacks, briefed intelligence committee members on its findings that linked North Korea to the cyber onslaught. But it had not previously cited a specific IP address used by a North Korean body. U.S. security expert Christopher Jordan, vice president of the computer security firm McAfee, once said such attacks may have started in South Korea.

The committee members said Won was pressed further about the investigation, but the intelligence chief refused to elaborate, on the grounds that doing so would reveal South Korea¡¯s national strategies.

On July 7, Web sites for the Blue House, the National Assembly, the Defense Ministry and other government agencies came under the DDoS cyber attacks. About a dozen U.S. Web sites, including those for the White House and the New York Stock Exchange, were also paralyzed.

A typical DDoS attack generates a large volume of traffic to overwhelm targeted Web sites and thus makes them inaccessible to the public. Such computers are referred to as ¡°zombie¡± computers.



By Kang Joo-an, Yoo Jee-ho [jeeho@joongang.co.kr]

JoongAng daily Hot issue


About the paper   |   Contact Us   |   Advertising   |   FAQ   |   Q&A   |   sitemap
JoongAngLogo

Copyright by JoongAng IlboTerms of Use   |   Copyright Policy   |   Privacy Policy   |   E-mail address privacy

All materials contained on this site are protected by Korean copyright law and may not be reproduced, distributed, transmitted, displayed, published or broadcast without the prior consent of Joins.com [Policy on the use of contents]