N Korea’s involvement suspected
By Kim Rahn
The prosecution is tracing Internet protocol (IP) addresses from China which are suspected of having been used in the cyber attack on Nonghyup, or the National Agricultural Cooperative Federation.
Prosecutors said Tuesday that after examining log-in records and files of Nonghyup servers, they found IP addresses which seem to have been used by outsiders.
Those IPs were connected to the servers just before the network crash took place, they said.
Some of the IPs were based in China and investigators are tracing them. It may take two to three weeks for them to analyze the addresses, as the attack was done in a very complicated manner.
Prosecutors said they aren’t ruling out the possibility of North Korea’s involvement in the attacks ㅡ an allegation raised by several newspapers.
“We can’t clearly say that it was done by the North. But we are sure that Chinese IPs were involved,” a prosecutor said.
The situation is similar to March’s massive cyber attack on websites of government agencies and financial institutions, which police concluded was carried out by North Korea using Chinese IP addresses.
But the prosecutor said they are not ruling out the possibility that the perpetrators used overseas addresses to deliberately confuse investigators.
Prosecutors also said they have almost finished questioning officials and staffers of the banking group and IBM over the incident, adding more than 30 had been interrogated so far.
It was found that a laptop of an IBM worker, who was at Nonghyup’s IT center under an outsourcing contract, was used to command the deletion of files at servers on April 12. The prosecution said the deletion program was installed on the laptop at least a month before being executed.
Considering the laptop was connected to the Internet, prosecutors suspect the perpetrators penetrated the IT network and operated the command remotely.
The bank has not seen a complete recovery from the network crash yet, causing nationwide inconvenience.