Major computer crash in SKorea; hackers suspected

Computer networks crash at South Korean banks, media companies; North Korea attack suspected

SEOUL, South Korea (AP) -- Computer networks at major South Korean banks and top TV broadcasters crashed en masse Wednesday, paralyzing bank machines across the country and prompting speculation of a cyberattack by North Korea.

Screens went blank at 2 p.m. (0500 GMT), with reports of skulls popping up on some computer screens, the state-run Korea Information Security Agency said — a strong indication that hackers planted a malicious code in South Korean systems. Some computers came back online more than 2 ½ hours later.

Police and South Korean officials couldn't immediately determine the cause. But experts said a cyberattack orchestrated by Pyongyang was likely to blame. The rivals have exchanged threats following U.N. sanctions meant to punish North Korea over its nuclear test last month.

The shutdown appeared to be more of an inconvenience than a source of panic. There were no immediate reports that bank customers' records were compromised. It also didn't affect government agencies or networks essential to the country's infrastructure, such as power plants or transportation systems.

Still, it raised worries about the overall vulnerability to attacks in South Korea, a world leader in broadband speed and mobile Internet access. Previous hacking attacks at private companies compromised millions of people's personal data. Past malware attacks also disabled access to government agency websites and destroyed files in personal computers.

The shutdown comes amid rising rhetoric and threats of attack from Pyongyang in response to U.N. punishment for its December rocket launch and February nuclear test. Washington also expanded sanctions against North Korea this month in a bid to cripple the regime's ability to develop its nuclear program.

North Korea has threatened revenge for the sanctions and for ongoing routine U.S.-South Korean military drills it considers rehearsals for invasion.

Seoul believes North Korea runs an Internet warfare unit aimed at hacking U.S. and South Korean government and military networks to gather information and disrupt service.

Seoul blames North Korean hackers for several cyberattacks in recent years. Pyongyang has either denied or ignored those charges. Hackers operating from IP addresses in China have also faced blame.

The latest network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. Loxley Pacific, the Thailand-based Internet service provider, confirmed the outage but did not say what caused the shutdown in North Korea.

Shinhan Bank, a major South Korean lender, reported a two-hour system shutdown Wednesday, including online banking and automated teller machines. It said networks later came back online, and that banking was back to normal at branches and online. Shinhan said no customer records or accounts were compromised.

The other bank, Nonghyup, also a major lender, said its system eventually came back online. Officials didn't answer a call seeking details on the safety of customer records.

Jeju Bank said some of its branches also reported network shutdowns.

At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines were forming outside disabled bank machines. Seoul is a largely cashless city, with many people relying on debit and credit cards to pay for goods and services.

Broadcasters KBS and MBC said their computers went down at 2 p.m., but officials said the shutdown did not affect daily TV broadcasts. Computers were still down more than three hours after the shutdown began, the news outlets said.

The YTN cable news channel also said the company's internal computer network was completely paralyzed. Footage showed workers staring at blank computer screens.

KBS employees said they watched helplessly as files stored on their computers began disappearing as the computer went into shutdown mode.

"It's got to be a hacking attack," Lim Jong-in, dean of Korea University's Graduate School of Information Security. "Such simultaneous shutdowns cannot be caused by technical glitches."

The South Korean military raised its cyberattack readiness level but saw no signs of cyberattacks on its networks, the Defense Ministry said.

No government computers were affected, officials said. President Park Geun-hye called for quick efforts to get systems back online, according to her spokeswoman, Kim Haing.

In 2011, computer security software maker McAfee Inc. said North Korea or its sympathizers likely were responsible for a cyberattack against South Korean government and banking websites earlier that year.

The analysis also said North Korea appeared to be linked to a 2009 massive computer-based attack that brought down U.S. government Internet sites.

Pyongyang denied involvement.

But the accusations from both sides show that the warfare between the foes has expanded into cyberspace.

Last week, North Korea's official Korean Central News Agency accused South Korea and the U.S. of expanding an aggressive stance against Pyongyang into cyberspace with "intensive and persistent virus attacks."

South Korea denied the allegation and the U.S. military declined to comment.

Lim said hackers in China were likely culprits in the outage in Pyongyang.

But signs Wednesday pointed to North Korea, he said.

"Hackers attack media companies usually because of a political desire to cause confusion in society," he said. "Political attacks on South Korea come from North Koreans."

Last week, North Korea's Committee for the Peaceful Reunification of Korea warned South Korea's "reptile media" that the country was prepared to wage a "sophisticated strike" on the country.

Orchestrating the mass shutdown of the networks of major companies would take at least one to six months of planning and coordination, said Kwon Seok-chul, chief executive officer of Seoul-based cyber security firm Cuvepia Inc.

The company that provides network services for the companies that suffered outages said it did not spot signs of a cyberattack on its networks, said Lee Jung-hwan, a spokesman for LG Uplus Corp.

Lim said tracking the source of the outage would take months.


Associated Press writers Sam Kim and Foster Klug contributed to this report.