Malicious viral codes that paralyzed the computer systems of three banks and three broadcasting companies here Wednesday have been traced back to China, from where previous cyber attacks by North Korea were launched, government officials said Thursday.
"We strongly suspect Pyongyang," said an official from Cheong Wa Dae.
A special investigation team comprised of experts from private and public organizations analyzed the network system of Nonghyup, one of the three financial institutions to be attacked and concluded that Chinese Internet Protocol number 101.106.25.105 was used to send the codes.
The team was launched after systems at KBS, MBC and YTN along with Shinhan, Nonghyup and Jeju banks were paralyzed. Members are from the Korea Communications Commission (KCC), the National Police Agency and Korea Internet Security Agency (KISA).
"We presume all the six institutions were attacked by the same hacking group. We have yet to ascertain the identity of the hackers," said an official from the team.
So far, it is estimated that 32,000 computers at the television networks and banks were damaged. The financial institutions saw their operations significantly restored, Thursday, while the stations were still suffering from the effects.
MBC stated on its website, "800 computers out of 1,500 at our headquarters were damaged. This interrupted the company's advertising and accounting operations."
KBS said, "We worked all night to restore our computer network. The system is being normalized now."
The joint team estimates that it will take four to five days for complete restoration.
In readiness for any further attacks, the team conducted an emergency safety check on government bodies managing national infrastructure such as electrical power and transportation systems.
"We checked the Ministry of Land, Transport and Maritime Affairs; Ministry of Knowledge Economy; Ministry of Public Administration and Security and the National Intelligence Service. We did not find anything seriously wrong with those bodies."
But the team added that the possibility of further attacks cannot be ruled out.
KBS and MBC also raised concerns about further attacks, saying they found the word "HASTATI" on damaged computers that they assume was sent by the hackers.
Hastati were spear carrying infantry in the armies of the Roman Republic.
The government is now distributing free vaccine programs through www.boho.or.kr, a website run by the KISA to protect information security.
Police said it will likely take months to complete the investigation and completely identify the hackers, their methods and the exact point of origin of the attack because an international investigation will be needed with the cooperation of Interpol if the attacks were conducted from various countries.
It took seven months to confirm that North Korea carried out a cyber attack against major local daily the Joongang Ilbo last year.
Regarding why hackers targeted media organizations and banks, experts said it is psychological warfare aimed at creating social chaos.
"Broadcasters and banks are the best target to cause social mayhem because attacking those institutions can paralyze reporting and the means to form public opinions as well as cause huge economic losses," said Lim Jong-in, chief director of the Center for Information Security Technology at Korea University.