The Korea Herald

지나쌤

N.K. confirmed behind JoongAng Ilbo hacking

By Korea Herald

Published : Jan. 16, 2013 - 19:45

    • Link copied

North Korea is responsible for last year’s cyber attack on a Seoul newspaper that crippled its server and Web site, South Korean police said Wednesday.

The National Police Agency (NPA) said the hacking method and Internet protocol (IP) addresses used for the attack on the JoongAng Ilbo, one of the country’s major conservative media outlets, were either similar or identical to those used by the North in previous attacks.

A drawing of a white cat grinning and covering its mouth was posted on the Web site of the JoongAng Ilbo on June. 9, 2012, the NPA said. Beneath the picture were the words, “Hacked by IsOne,”

with complicated codes marked in green.

The main server of the firm’s cyber system was also attacked and substantial data were destroyed from the production system of the newspaper, the NPA added.

Police officers pinpointed Pyongyang as the perpetrator after analyzing access records of the hacked system, malicious codes, the IP addresses of two local servers and 17 servers spread in 10 different countries.

“We are weighing the possibility of the intentional attack, judging from a variety of circumstances,” an NPA official said.

It is the fifth time that Pyongyang has been found to be held liable for the cyber attacks on Seoul’s Web sites, officers said.

Pyongyang attacked the computer system of Nonghyup, one of the country’s major banks, in 2011; major government and business Web sites in 2009 and 2011; and email accounts of Korea University in 2011.

Police officers said one of the IP addresses of an overseas server used to break into the Nonghyup network and for the distributed denial-of-service (DDoS) attack in March, 2011 is identical to the latest attack.

The officers said that it is highly unlikely that one IP address is used for three different counts of incidents since there are nearly 4 billion addresses around the globe.

The malicious codes used by the North when hacking into e-mail accounts of students and alumni of Korea University were also identical, they added.

Access from IP address of the North Korean Ministry of Post and Telecommunications started on April 21 last year, the NPA said, adding that it was when Pyongyang threatened to attack Seoul’s conservative media firms.

After two months of preparations, Pyongyang-hired hackers attacked a personal computer of an official at the firm on June. 7 and deleted data from the system on June. 9, they said.

North Korea previously rejected the results of the investigation, which stated they were behind the attacks, and accused the South of “fabricating” the inspection. (Yonhap News)