By Jane Han
Staff Reporter

A fresh wave of cyber attacks is expected to hit major South Korean Web sites Thursday evening, a local security solutions company said.

Ahn Lab Inc. made the warning, saying its security specialists expect cyber attacks on seven South Korean Web sites to start at 6 p.m. and last about 12 hours.

The warning came after tens of major Web sites of Korea and the United States had been hit by cyber attacks Tuesday and Wednesday.

The massive attack paralyzed major government Web sites here, including Cheong Wa Dae, the Ministry of National Defense and the National Assembly, as well as Shinhan and Korea Exchange banks and Internet portal service provider Naver.

The unprecedented hacking led to a shutdown of the sites or “no access” messages.

So far, the identities of the infiltrators are a mystery and the motives behind the attacks are also largely unknown.

According to statements, a virus was sent to many personal computers in both countries directing them to visit the targeted Web sites at the same time. Since July 4, U.S. sites and systems have come under similar attacks, which are believed to be able to overwhelm anti-hacking security systems in place.

North Korea is suspected of playing a part in the latest round of cyber “warfare” that paralyzed government networks and leading portal servers, sources quoted the National Intelligence Service (NIS) as saying in a briefing to lawmakers Wednesday.

Sites run by the presidential office, the Assembly, the defense ministry and Naver were down from Tuesday evening to beyond midnight.

China, North Korea and Russia were initially thought to be possible culprits. But the NIS briefed the lawmakers on its analysis which tentatively concluded that Pyongyang or its sympathizers were behind the cyber attacks. It was not immediately available how the NIS came to such a conclusion.

Earlier in the day, the Korea Communications Commissions (KCC), the nation’s telecom regulator, said tracking down the source of the DDoS attacks will be difficult, as they involve a huge number of sources and are hard to pin down.

These types of attacks are orchestrated to send a flood of electronic traffic to a targeted Web site, which eventually overloads the computer network and renders it inaccessible. They are known to be easy to launch and are highly disruptive.

No major damage has been reported so far, according to the state-run Korea Information Security Agency (KISA), but it warned that future shutdowns cannot be ruled out as networks remain unstable.

Sites of leading online shopping mall Auction and major daily Chosun Ilbo ? as well as Cheong Wa Dae ? also remained inaccessible.

The KCC issued a warning against future attacks, while the defense ministry is considering raising its Information Operations Condition status to a heightened alert level.

According to police data, over the past five years cyber hacking cases have surged 30 percent in Korea, one of the world’s most wired nations with over twothirds of the population having high-speed Internet access.

KISA spokeswoman Ahn Jeongeun said hacking attempts are increasing, but defended the country’s cyber security standards.

“We uphold high system standards, but it is difficult to stave off a large-scale attack that has been waged for a specific purpose,” she said, adding that Korean Web sites have already been made aware of the recent assaults and are devising solutions.

KISA officials said they are looking at why simultaneous attacks were made starting around 6 p.m. Tuesday evening.

Chung Hee-nam of the National Association of Hacking and Security said that defense against DDoS has been on South Korea’s 2009 information-technology todo list, but noted that individual personal computer owners must protect their own systems from being exploited to launch a daemon.

The KCC said more than 18,000 computers have been affected by the latest attack, adding that it requested Internet service providers to distribute vaccine programs to those users whose computers have been infected.

jhan@koreatimes.co.kr