S. Korea links IP addresses to 5 sites
More clues emerge in cyber attacks
SEOUL - South Korea is learning more about the mysterious cyber attacks that targeted the country and its ally the United States, but the ultimate question of who the instigators are remained elusive.
The state-run Korea Communications Commission said yesterday that it had identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of website outages in the two countries that began in the United States on July 4. None were from North Korea, which South Korean officials suspect might have been involved.
The IP addresses - the Web equivalent of a street address or phone number - may point to the computers that distributed the virus that triggered so-called denial of service attacks. In such assaults, floods of computers try to connect to a single site at the same time, overwhelming the server and making it inaccessible or unstable.
The addresses were in Austria, Georgia, Germany, South Korea, and the United States, a commission official said.
He spoke on condition of anonymity because he is not authorized to speak to the media on the record.
Speculation over who was responsible for the attacks that targeted high-profile websites including those of the White House and South Korea’s presidential Blue House, had centered on North Korea.
The country, Seoul’s rival for six decades for control of the heavily armed and divided Korean peninsula, has drawn repeated international rebuke in recent months for threats and actions widely seen as provocative by the international community.
Those include a nuclear test in May and short-range ballistic missile launches on July 4.
And though circumstantial evidence pointing to involvement by the North or those sympathetic to it has been trickling out since word of the attacks emerged earlier this week, the identity of the IP addresses themselves provides little in the way of clarity.
That is because it is probable that the hackers, whoever they are, used the addresses to disguise themselves - for instance, by accessing the computers from a remote location.
IP addresses can also be faked or masked, hiding their true location.
At any rate, South Korea’s move to block them helps prevent the computers from being used again to distribute viruses or to carry out denial of service attacks.
The commission official also said that South Korea blocked another 86 IP addresses in 16 countries that were used to spread different viruses that damaged hard disks or files in computers they contaminated. The commission said that 356 such cases were reported in South Korea by late yesterday.
Most of the finger-pointing at North Korea has come from South Korea’s main spy agency, the National Intelligence Service - though not directly.
Allegations have been relayed to the public via members of parliament’s intelligence committee who have been briefed on the attacks in writing and verbally.
The lawmakers have said North Korea was believed suspect given a threat it made in state media last month, in which it boasted of being “fully ready for any form of high-tech war.’’
Yesterday, the spy agency briefed lawmakers on circumstantial and technical reasons for believing North Korea could be behind the assaults, ruling party lawmaker Chung Chin-sup said without elaborating.
But the agency also cautioned it was too early to conclude the North was responsible because probes were still underway, according to Park Young-sun, another member of the intelligence committee.
