South Korea was on high alert Thursday for more cyber attacks amid suspicions that North Korea was behind a recent wave of Web site outages in the South and in the United States. The South warned that computer networks of key infrastructure could be targeted.
The National Intelligence Service said in a statement that it was strengthening cyber security measures for government computer networks, citing a possible new wave of attacks which could target national infrastructure operators like energy, telecommunications and media companies.
Earlier Thursday, the country's leading computer security company also warned that another wave of attacks was expected in South Korea later in the day.
Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent a flood of Internet traffic to paralyze Web sites in both South Korea and the United States. It said seven South Korean sites were likely to be targeted on Thursday, including those of the Ministry of Public Administration and Security, Kookmin Bank and the mass-circulation Chosun Ilbo newspaper.
South Korean intelligence officials believe North Korea or pro-Pyongyang forces were behind the cyber attacks in the U.S. over the July 4 U.S. Independence Day holiday weekend and in South Korea since Tuesday.
Some South Korean sites remained inaccessible or unstable on Thursday, including the National Cyber Security Center, affiliated with the main spy agency.
The National Intelligence Service informed members of parliament's intelligence committee of its assessment on Wednesday, according to aides to two of the lawmakers. They spoke on condition of anonymity given the classified nature of the information.
The spy agency declined to confirm the information provided by the aides but said in a statement that the sophistication of the attacks suggested they were carried out at a higher level than rogue or individual hackers.
The agency's new statement Thursday didn't mention suspected North Korean involvement and only repeated it was closely cooperating with the U.S. and other countries to discover the origin of the attacks.
U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to identify the attackers quickly.
Three U.S. officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
On Thursday, the Dong-a Ilbo newspaper reported that South Korea has detected signs that North Korea or its sympathizers in China or elsewhere committed the cyber attacks.
The paper, citing an unidentified government official, said the assessment was made after an investigation on infected computers' IP addresses — the Internet equivalent of a street address or phone number.
South Korean media reported in May that North Korea was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
The communist North has recently engaged in a series of threats and provocative actions widely condemned by the international community including a nuclear test and missile launches, including firing seven ballistic missiles on July 4 in violation of U.N. Security Council resolutions.
The cyber outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the state-run Korea Information Security Agency said.
In South Korea, 12 sites were initially attacked Tuesday, followed by attacks Wednesday on 10 others, including those of government offices like the presidential Blue House and the Defense Ministry, banks, vaccine firms and Web portals. The U.S. targets included the White House, Pentagon, Treasury Department and the New York Stock Exchange.
South Korea issued a cyber security alert Wednesday, establishing an ad hoc office to monitor and obstruct cyber attacks on state agencies around the clock. The Ministry of Public Administration and Security said in a statement that personal computers of all civic servants are required to undergo an emergency inspection.
The state-run Korea Communications Commission said Thursday it was considering raising the alert level again to "orange," the second highest of four levels of alertness, if more cyber attacks occur and cause serious problems.
The "orange" level requires the government to mobilize more personnel and equipment to cope with cyber attacks, said agency official Ku Kyo-young. The current level is "yellow."
Ku said about 20,000 computers in South Korea had been infected by Wednesday evening and the number could have increased.
There were no immediate reports of financial damage or leaking of confidential national information, according to the Korea Information Security Agency. The attacks appeared aimed only at paralyzing Web sites.