Internet Attack Seemed to Be Settled Down

The unprecedented Internet disaster seemed to be settled down on the 27th as financial trades such as bank and stock are normalized.

On the 27th, according to the Financial Supervisory Service, the financial community, on-line shopping malls and Internet service providers (ISP) such as KT, Internet access and cyber trades through Internet are normalized now.

However, as the aftermath of the disaster, the troubled Domain Name System servers in KT telephone Hyehwa office got doubled traffic still.

The Ministry of Information and communication said, “Until now (4:00 p.m.), DNS servers in Hyehwa telephone office has been receiving 60 thousand packets per second, which is doubled the normal amount of 26 thousand ~ 29 thousand per second. It is estimated that the worm virus is still active.”

The Ministry also said that the KT increased capability up to 85 thousand packets per second by installing ten more servers, so there is no problem in using Internet.

On the other hand, as the Base21, an electronic system for stocks, failed on the same day, thirteen stock companies had failed to trade stocks for about five minutes from 9:50 a.m.

An expert said, “The communication set of Base21 was overloaded as the worm virus which attacked Internet on the 25th made a large quantity of unnecessary information in the external network terminal. We immediately ran security system and restored so there was no problem in internal network.”

The Financial Supervisory Service explained on the same day, “We concluded that if the virus is activated again, the electronic financial service would be stumbled, so we organized task force in IT offices of FSS.”

In addition, department against cyber terrorism of the Police reported on the 27th that it confirmed eleven IP addresses from three foreign countries including the U.S. as the possible center of the disturbance for this worm virus.

The Police also reported there is a possibility that an unknown hacker adjusted intentionally the worm virus attack program which was revealed by a Chinese hacker group and spread it, so it cooperates with Interpol to analyze information.

According to the Police, there is eleven IP addresses confirmed through which Internet worm connected and came into via the networks of four main telecommunication companies such as KT, Hanaro Telecom, Thrunet, Dacom. This is the result of analysis of foreign IP addresses and out of eleven IP addresses, seven came from the U.S., two from China, two from Australia.

The worm virus flowed in twice, at 1:29 p.m. and 2:21 p.m. on the 25th, but they did not have great impacts. At 2:29 p.m. on the same day, a variant flowed in from China and made networks of domestic telecommunication companies be overloaded.