Major broadcasters, banks suffer computer network outage

South Korea suffered its first information security outage in history around 2 p.m. Wednesday, with the computer networks of major broadcasters and several financial institutions frozen.

The Korea Communications Commission learned that broadcasters KBS, MBC and YTN, and Shinhan Bank and Nonghyup suffered damage from the cyberattack. The freeze is believed to have been caused by a precision attack by hackers rather than one involving denial of access, or DDoS, used to freeze the website of South Korean government organizations and media companies in the past. The identity of the hackers and their purpose remain unknown.

In the wake of the crash of computer networks, the government convened a cyber crisis meeting of officials from 10 agencies, including the Korea Communications Commission, the Public Administration and Security Ministry, the Defense Ministry, and the National Intelligence Service, and issued an “alert” warning against a cyber crisis at 3 p.m. The five-level cyber crisis warnings are rated normal, attention, alert, caution and serious according to the severity of crisis.

The computer network outages were done in the form of disabling staff PCs of the companies concerned. Watchers say computer screens went dark all of sudden before the PCs were disabled. As the operating system failed to resume even when the computers were switched back on, broadcasters had a hard time producing news and other programs. Banking service at Shinhan, Nonghyup and Jeju banks also faced disruptions.

Online security experts say the freeze would have started at groupware that LG U+ provides to the companies. When the staff turned on their computers, they accessed LG’s servers and ended up downloading malicious code placed by hackers. As a result, the malicious code began operations in unison at 2 p.m. to cause the crash. LG U+ said, “There was no problem with the communication network at all.” Yet the telecom carrier stopped short of making any elaboration about problems with the groupware that it provided, merely saying, “Groupware is an area managed by individual companies and not directly related with a telecom carrier.”

On the possibility that the outages were caused by North Korean cyberattack due to rising inter-Korean tension, the commission said, “At this point, it is premature to mention North Korea without having specific grounds.” Kim Seung-joo, a professor at Korea University’s school of information security, said, however, “Key targets of North Korea’s cyberattack are media and financial companies, which could cause social anxiety,” adding, “At the scene, experts say the latest attack is similar in method to that on the JoongAng Ilbo (a major South Korean daily) committed by North Korea last year.”

sanhkim@donga.com