Hacker Attack Traced to IP Address in S. Korea

      March 25, 2013 10:23

      The malware that paralyzed the internal computer network at agricultural lender Nonghyup during a massive cyber attack on banks and broadcasters here last Wednesday has been traced to one of its own IP addresses, not a Chinese IP address as originally believed.

      But that does not necessarily mean the attack was launched by a South Korean hacker because the Nonghyup IP address is believed to be that of an intermediate router rather than the original source of the cyber-attack.

      A combined civilian, government and military team of investigators still believes North Korean hackers were behind the attack via a third country.

      In a press briefing last Friday, the Korean Communications Commission said careful analysis of the Chinese IP address that was originally believed to have been used in the cyber attack showed that the IP address belongs to a Nonghyup employee, not a Chinese entity.

      The previous day, the KCC had linked the malware in Nonghyup's update server to a Chinese IP address. The commission made the mistake because it failed to notice the difference between public and private IP addresses.

      The IP address (101.106.26.105) which the investigators discovered in the Nonghyup system was an international public IP address that belonged to a Chinese entity.

      Companies assign private IP addresses to all devices within their computer systems. Lee Seung-won, chief of the KCC's network and information protection team, said, "By accident, the Chinese public IP address was identical to a private IP address assigned by Nonghyup. There are international standards to follow when assigning private IP addresses, but Nonghyup didn't do that, which caused the confusion."
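
The public/private mix-up described above can be caught mechanically. The following Python code is an added example, not part of the original article or of any tool the investigators used: it audits an internal address inventory against the RFC 1918 private ranges and resolves a logged address against local assignments before any external lookup. The inventory and host names are constructed for illustration; only 101.106.26.105 comes from the article.

```python
import ipaddress

# RFC 1918 private-use IPv4 blocks, the standard ranges for internal addressing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_inventory(inventory):
    """Return {host: addr} for internal hosts numbered outside RFC 1918.

    Such addresses are publicly allocated to someone else, so a WHOIS or
    geolocation lookup on them names an unrelated external owner.
    """
    return {h: a for h, a in inventory.items() if not is_rfc1918(a)}

def triage(log_ip, inventory):
    """Classify an address found in an internal log before attributing it."""
    seen = ipaddress.ip_address(log_ip)
    owners = [h for h, a in inventory.items()
              if ipaddress.ip_address(a) == seen]
    if owners:
        # Matches a locally assigned address: resolve it internally first.
        return ("internal", owners)
    if is_rfc1918(log_ip):
        # Private range but not in the inventory: still not an external source.
        return ("internal-unknown", [])
    return ("external-candidate", [])

# Constructed inventory; host names are hypothetical.
# 101.106.26.105 is the address quoted in the article.
INVENTORY = {
    "update-srv": "10.20.1.5",
    "staff-pc-17": "101.106.26.105",
    "branch-gw": "192.168.40.1",
}

if __name__ == "__main__":
    print("outside RFC 1918:", audit_inventory(INVENTORY))
    for ip in ("101.106.26.105", "10.9.9.9", "198.51.100.7"):
        print(ip, triage(ip, INVENTORY))
```
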

      The government is still investigating the possibility that the latest cyber-attack came from abroad. "We traced some IP addresses found on MBC and YTN computer networks to overseas sources like the U.S. and a few European countries," another KCC official said. "We're still trying to find out who is behind the attacks on the other institutions."

      • Copyright © Chosunilbo & Chosun.com