Seoul: South Korean security agencies Wednesday probed a widespread cyber attack that shut down US and South Korean official websites, as a report said North Korea or its sympathisers were suspects.
The National Intelligence Service (NIS) said it had launched a joint investigation with other security authorities into the breach.
“This is not a simple attack by individuals. The attack appeared to have been elaborately prepared and staged by a certain organization or state,” it said in a statement without elaborating.
Yonhap news agency said the NIS had told members of parliament’s intelligence committee that the communist North or its sympathisers may have instigated the cyber attack, which caused some sites to crash.
“The NIS has been telling committee members that North Korea or a pro-North Korean force might be behind the cyber terror,” it quoted one legislator as saying.
The committee, which is briefed in private, was reportedly to receive an official report Thursday from the intelligence service.
A NIS spokesman said he could not immediately confirm the report.
In its statement the NIS said US authorities were cooperating to track down those responsible for hijacking 12,000 personal computers in South Korea and 8,000 abroad which were exploited as vehicles for the attacks.
The Korea Information Security Agency said 25 US and South Korean sites were hit Tuesday evening and the domestic sites were shut down for nearly four hours.
“The sites hit yesterday included 14 US sites including government ones,” a spokesman told AFP, refusing to confirm a Yonhap report that the White House website was among those attacked.
In Korea the defence and foreign ministries, the ruling party, parliament and the US-South Korea combined forces military command were among the 11 entities affected.
South Korea is one of the world’s most wired countries, with 95 percent of homes having broadband access, according to a recent US survey.
The regulatory Korea Communications Commission said hackers had caused an attack known as a distributed denial of service (DDoS) by planting viruses in thousands of computers.
“Malicious codes which cause DDoS attacks have infected more than 18,000 personal computers,” commission official Hwang Chul-Jung told reporters.
Hackers continued to attack some sites Wednesday, he said, adding Internet service providers were distributing a programme to remove the virus.
DDoS attacks involve the sending of huge amounts of data that cause web servers to seize up.
“Hackers used home computers for simultaneous distributed denial of service attacks. We are now tracking down the origin of such attacks,” an investigator with the police Cyber Terror Response Centre told AFP.
The damage appeared limited.
The defence ministry said the attackers apparently focused on its external network. It said internal data and secret information remained intact.
Among the private Korean sites infiltrated were a newspaper and two major lenders, Shinhan Bank and Korea Exchange Bank, officials said.
Most sites attacked Tuesday had since returned to normal but some could still not be accessed Wednesday morning.
The Defence Security Command last month reported that the nation’s military computer networks were under ever-growing cyber attack, with 95,000 cases reported daily on average.
The command said most were the same as those experienced by ordinary users, but 11 percent were sophisticated attempts to gather intelligence.
The military said last month it would launch a cyber warfare command centre by 2012 to fend off attacks on government and military IT networks from North Korea and other countries.
Experts have said North Korea and China run elite hacker units.
In 2004 hackers based in China used information-stealing viruses to break into the computer systems of Seoul government agencies.
Last year Prime Minister Han Seung-Soo warned against what he said were attempts by Chinese and North Korean computer hackers to obtain state secrets.