25 March 2013
South Korea cyberattack traced to U.S. and Europe, not China
By Shaun Waterman
The Washington Times


A South Korean police officer from the Digital Forensic Investigation unit leaves the Cyber Terror Response Center at the National Police Agency in Seoul on Friday, March 22, 2013. (AP Photo/Ahn Young-joon)

Some of the malicious software that paralyzed computer networks at major South Korean banks and TV broadcasters last week originated in the United States and three European countries, authorities in Seoul said Monday.

�We traced some IP [Internet protocol] addresses found on [affected] computer networks to overseas sources like the U.S. and a few European countries,� an official of Seoul�s telecommunication regulator, the Korea Communications Commission (KCC), told the Chosun Ilbo newspaper Monday.

Yonhap news agency reported that Seoul's National Police Agency had asked the United States and three unnamed European nations to assist in the investigation by providing help in identifying the users of the IP addresses.

Three national South Korean TV broadcasters and three major banks suffered a massive cyberattack Wednesday when malicious software, or malware, wiped all the data from more than 30,000 computers, knocking bank websites offline and closing ATMs.

Following the attack, the KCC initially said it had traced the malware to a Chinese IP address, fueling speculation that North Korea might be behind the incident.

But the next day, the commission said it had been mistaken, blaming the rush to make public as much information about the attack as possible.

Global Network