Websites in 2 Koreas shut down on war anniversary

SEOUL, South Korea – Major government and media websites in South and North Korea were shut down for hours Tuesday on the 63rd anniversary of the start of the Korean War, and Seoul said its sites were hacked and alerted people to take security measures against cyberattacks.

It was not immediately clear if the shutdown of North Korean websites, including those belong to Air Koryo and the Rodong Sinmun newspaper, was due to those sites being hacked. Rodong Sinmun, Uriminzokkiri and Naenara websites were operational a few hours later.

South Korean National Intelligence Service officials said they were investigating what may have caused the shutdown of the North Korean websites, and North Korea didn’t make any immediate comment.

Seoul said experts were also investigating attacks on the websites of the South Korean presidential Blue House and prime minister’s office, and some media servers.

Tuesday’s attacks in South Korea did not appear to be as serious as a March cyberattack that shut down tens of thousands of computers and servers at South Korean broadcasters and banks. There were no initial reports Tuesday that banks had been hit or that sensitive military or other key infrastructure had been compromised.

It wasn’t immediately clear who was responsible, and North and South Korea have traded accusations of cyberattacks in recent years.

Operators of several Twitter accounts who purported to be part of a global hackers’ collective claimed that they attacked North Korean websites. The Associated Press received no answer to several requests to speak to the Twitter users. Shin Hong-soon, an official at South Korea’s science ministry in charge of online security, said that the government was not able to confirm whether these hackers were linked to Tuesday’s attack on South Korean websites.

South Korean officials blamed Pyongyang for the March attacks and said in April that an initial investigation pointed to a North Korean military-run spy agency as the culprit.

North Korea in recent weeks has pushed for diplomatic talks with Washington. But tensions ran high on the Korean Peninsula in March and April, with North Korea delivering regular threats over U.N. sanctions and U.S.-South Korean military drills.

Investigators detected similarities between the March cyberattack and past hacking attributed to the North Korean spy agency, including the recycling of 30 previously used malware programs — out of a total of 76 used in the attack, South Korea’s internet security agency said.

The March 20 cyberattack struck 48,000 computers and servers, hampering banks for two to five days. Officials have said that no bank records or personal data were compromised. Staffers at TV broadcasters KBS, MBC and YTN were unable to log on to news systems for several days, although programming continued during that period. No government, military or infrastructure targets were affected.

South Korea’s National Intelligence Service said North Korea was behind a denial of service attack in 2009 that crippled dozens of websites, including that of the presidential office. Seoul also believes the North was responsible for cyberattacks on servers of Nonghyup bank in 2011 and Joongang Ilbo, a national daily newspaper, in 2012.

North Korea also blamed South Korea and the United States for cyberattacks in March that temporarily disabled Internet access and websites in North Korea, where a small number of people can go online.

Experts believe North Korea trains large teams of cyber warriors and that the South and its allies should be prepared against possible attacks on key infrastructure and military systems. If the inter-Korean conflict were to move into cyberspace, South Korea’s deeply wired society would have more to lose than North Korea’s, which largely remains offline.

View comments

TAGS: cyberattacks, hacking, Internet security, korea, Websites