Download Worksheet
April 4th, 2013

South Korea Hit Hard by Massive Cyber-Attack


Published April 1, 2013

In today’s interconnected world, digital attacks on computer networks and infrastructure can bring entire countries to a standstill.  In what is now becoming a yearly event, South Korea was hit March 20 by a major cyber-attack that paralyzed the computer systems of three major South Korean banks and the country’s two largest broadcasters. However, it remains unclear who is responsible for the attack, or what their goals were.

Researchers search for computer viruses at Hauri Inc., the IT security software vendor, on March 21, 2013 in Seoul, South Korea. (Photo by Chung Sung-Jun/Getty Images)

Researchers search for computer viruses at Hauri Inc., the IT security software vendor, on March 21, 2013 in Seoul, South Korea. (Photo by Chung Sung-Jun/Getty Images)

Attacks hit banks, broadcasters hard

The attacks left many South Koreans without easy access to cash as computer systems and ATMs at three of the country’s largest banks stopped functioning.

The publicly funded Korean Broadcasting System (KBS) was able to continue its broadcast on schedule, but the office’s computers were frozen. Munhwa Broadcasting Corporation (MBC) and YTN, two of South Korea’s other large broadcasting systems, faced similar computer issues.

Overall, the attack disabled an estimated 30,000 computers.

The computer systems at the three affected banks came back online just two days after the attacks, but TV networks took longer to recover.

The attacks did not affect the South Korean government, military, infrastructure, or other computer operating systems in the country.

Investigators look for the source of the attack

The Korea Communications Commission announced March 21 that the computer virus’s Internet Protocol (IP) address indicated that it originated in China. By the next day, the KCC corrected its statement, saying that the IP address actually belonged to a computer on the internal network of Nonghyup Bank, one of the South Korean institutions hit by the attacks. The bank’s internal IP address happened to be identical to a public IP address in China.

“We were careless in our efforts to double-check and triple-check,” said KCC official Lee Seung-won of the misstep, blaming the error in identifying the IP address on investigators’ rush to answer the public’s concerns about who was behind the attacks.

As the government searches for answers about this incident, it is also anticipating future attacks. South Korea has experienced a cyber-attack every year since 2009.

“There’s definitely concern there will be more attacks. I think there’s also concern that the government—which told us one thing yesterday and another thing today—might not necessarily have a handle on what’s going on,” Robert Koehler of the South Korean discussion blog Marmot’s Hole told the NewsHour.

Questions still surround the attacks

Despite the investigation that connected the IP address to Nonghyup Bank, the public is still suspicious of the origin of the attacks on KBS and MBC. North Korea has previously threatened to attack South Korean news stations for criticizing its government, and has been openly hostile to both South Korea and the U.S.

However, an official at the KCC told the Chosun Ilbo newpaper that they, “traced some IP addresses found on [affected] computer networks to overseas sources like the U.S. and a few European countries.”

Investigations are underway into different potential sources and reasons for the attack. The South Korean government is even looking to create a new Cyber Security Secretary position. If approved, this official would work to cope with, and ultimately prevent, future attacks like the one on March 20.

 — Compiled by Laura Sciuto for NewsHour Extra

Submit Your Student Voice

NewsHour Extra will not use contact information for any purpose other than our own records. We do not share information with any other organization.

RSS Content

Tooltip of RSS content 3