The National Intelligence Service (NIS) told legislators the raids were tracked to 86 Internet protocol addresses in 16 countries including the United States, Japan, China and Guatemala, lawmakers said.

Though not on the list of countries, North Korea is still suspected of involvement.

"The NIS suspects North Korea or its sympathisers are behind the attacks but it says it cannot be sure until the ongoing probe is completed," said Park Young-Sun from the opposition Democratic Party.

An unnamed source told news agency Yonhap that Seoul's spy agency believed the North Korean military's cyber warfare unit was responsible.

The NIS told lawmakers in a closed-door briefing that a research centre called "Number 110" seems to have orchestrated the attacks, Yonhap said, citing a source who had attended the briefing.

The research centre, which comes under the wing of the General Staff of the People's Army, "is a well-trained unit on cyber attacks" the source told the news agency.

The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions.

But a cyber attack, if confirmed, would be a new tactic.

Lawmakers said South Korea's spy agency based its suspicions on a statement by Pyongyang last month apparently warning of cyber warfare and on the fact that some of the targets were websites operated by conservatives.

The North's Committee for the Peaceful Reunification of Korea, lambasting Seoul over its plan to take part in a US-led drill against cyber attacks, said on June 27 that Pyongyang was "fully ready for any form of high-tech war."

The attacks this week have targeted government and private websites in the United States and South Korea.

The US State Department said its site also came under attack for a fourth day Thursday. The White House and Pentagon websites were among US government entities targeted earlier this week.

A third wave hit South Korea on Thursday evening, blocking or impeding access to at least seven sites operated by the country's largest lender, Kookmin Bank, plus government and media organisations.

Seoul-based portals said their mail services were temporarily disrupted.

Hackers have planted viruses in thousands of personal computers in South Korea and overseas.

These mounted "distributed denial of service" (DDoS) attacks designed to seek simultaneous access to selected sites and swamp them with traffic.

The network of virus-infected computers is known as a "botnet."

The Korea Communications Commission said Friday there had been a lull in the attacks after "botnet" hosting servers were isolated and "vaccine" programmes were widely distributed to PC users.

"The volume of attacks in the third round of cyber attacks was small and the impact was rather meagre," Park Cheol-Soon, a senior commission official, told AFP.

Hong Min-Pyo, president of security solution provider Shiftworks, said his company tracked down a server in New Jersey which was believed to have been spreading the bad codes.

"However, it's technically impossible to find out who initiated the attacks," he told AFP.

US experts were divided on whether the North was behind them.

"I don't think it was North Korea but there's really no proof either way," said Johannes Ullrich, chief technology officer for the SANS Institute's Internet Storm Center.

"The way this particular malware was written it looks like one guy wrote it in his basement over a weekend," he said. "But maybe that's what North Korea's cyber warfare unit looks like."

"It could be anybody," he continued. "It could be a South Korean. It could be a Chinese, whoever had motivation and the tools to do it. There's really nothing that points to a nation state."

earlier related report

South Korea to boost computer security
Seoul (UPI) Jul 10 - The South Korean Defense Ministry is to spend $20.32 million to improve security for its computer systems after this week's cyberattacks on its Web sites and those of financial institutions.

The move is part of the Ministry of Strategy and Finance's overall government budget announcement. It proposes an across-the-board 5 percent increase to $233 billion for 2010, according to a report by South Korean broadcaster Arirang.

National defense and social welfare research and development were among the areas with the largest budget increases. The Finance Ministry will submit the budget to Parliament for final approval in October.

The broadcaster also noted that the Cyber Terror Response Center, part of the National Police Agency, has set up a team to investigate the cyberattacks. Other departments, including the military, have also launched their own investigations.

Korean media have reported three days of attacks affecting Web sites including the president's office. The attacks occurred at similar times causing disruption of U.S. government Web sites.

The government issued a security warning to businesses in the wake of the distributed denial-of-service attacks, which cause major access slowdown and disablement. DDoS infections are introduced through malicious software that Cheong Wa Dae, the National Intelligence service, has said may have come from North Korean government hackers, although there is yet no official confirmation of their origins.

Major disruptions occurred on Web sites of the National Assembly, the Ministry of Public Information and Security, Kookmin Bank, the daily newspaper Chosun Ilbo and the online shopping site Auction. The Korea Communications Commission believes more attacks could be coming, according to a report in the Korea Times newspaper.

In an effort to stop further attacks, the commission ordered Internet operators KT, SK Broadband and LG Dacom to deny access to 30,000 known virus-infected computers.

Symptoms of DDoS include an unusually slow network performance, according to the U.S. Computer Emergency Readiness Team, part of the National Cyber Security Division of the Department of Homeland Security. Web sites may be unavailable or drastically limit access.

There could also be a large increase in spam e-mails, called an e-mail bomb attack. The bandwidth of a router between the Internet and a local area network may be consumed by an attack, resulting in the shutdown of an entire network.

Security analysts say one of the most effective ways to survive an attack is to have a separate emergency block of IP addresses for critical servers with a separate route.

U.S. Defense Secretary Robert Gates recently announced that the U.S. Strategic Command is to set up a new Cyber Command to oversee information technology security. U.S. President Barack Obama also announced a new cybersecurity office at the White House.

The Pentagon's Cyber Command is expected to be operational by Oct. 1, while South Korea's Defense Ministry has said it will have a similar command running by 2012.

Share This Article With Planet Earth

del.icio.us	Digg	Reddit
YahooMyWeb	Google	Facebook

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Memory Foam Mattress Review

SPACE MEDIA NETWORK PROMOTIONS Solar Energy Solutions Tempur-Pedic Mattress Comparison ... Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News