`Malicious server attack caused Nonghyup Bank glitch`

Prosecutors said Monday that the network crash at the National Agricultural Cooperatives Federation aka Nonghyup Bank was caused by cyber attack.

The Seoul Supreme Prosecutors’ Office blamed the incident on a suspected server expert who executed a malicious program meticulously designed for the attack, saying, “The instruction that ordered the deletion of data (rm.dd) to the bank’s network was part of the attack software prepared in advance.”

“The software used in the server attack is known to have been designed by someone who knows the structure of Nonghyup’s network well,” a prosecution source said. “Given the way it was attacked, neither an unintentional crime nor a simple glitch was likely.”

“But it`s hard to say it was committed by an insider at Nonghyup IT center or an outside hacker that closely monitored the bank’s server structure for a long time.”

Prosecutors confirmed that the “super root,” or the highest level of access, to the main server was possible only through a fixed IP address given in advance to an IBM Korea employee in charge of server management and four or five Nonghyup IT center employees.

The suspects were banned from leaving the country and prosecutors were investigating their whereabouts on the day of the incident. In particular, investigators focused on how the malicious software was installed in the laptop that was used as a channel to the bank’s main server.

The contractor’s employee in charge of the laptop denied any wrongdoing, saying, “I didn’t know that an attack program was installed or executed.”

Other employees in the same office said they did their work with their own laptops and did not touch others’ notebooks. To narrow down the scope of suspects, prosecutors investigated the phone records and analyzed surveillance camera footage near the office around the time when the attack occurred.

Nonghyup also blamed its system breakdown on a "meticulous and malicious cyber attack" that went beyond general hacking.