`NK Cyber Warfare Unit Masterminding DDoS Attacks`

The North Korean military`s cyber warfare unit is believed to be responsible for this week`s massive cyber attacks on major South Korean and U.S. government and civilian Web sites.

South Korea`s National Intelligence Service said this to lawmakers yesterday.

Park Sung-do, second deputy director of the service, told an unofficial meeting with members of the National Assembly’s intelligence committee yesterday morning that a research center called "No. 110," under the Reconnaissance Bureau of the North Korean People’s Army is believed to have masterminded the distributed denial-of-service (DDoS) attacks.

The intelligence agency obtained data that Pyongyang gave an order around June 7 to covertly “destroy” Seoul’s telecommunications network and develop a hacking program.

In addition, intelligence found circumstantial evidence that the North conducted a mock hacking exercise against the computer science department of Tongmyong University in Busan and the Korea Information Security Agency. South Korean and U.S. intelligence authorities Saturday also detected signs that 12,000 South Korean and 8,000 U.S. computers will likely have problems.

The intelligence agency suspects North Korea because the methods used in this week’s cyber attacks are similar to those adopted by the North before, and the target of the attacks are focused on certain Web sites.

The malicious codes were distributed by 86 Internet protocols in 16 countries, including 28 in the United States, 22 in Japan, seven in China and five in South Korea. North Korea was not included among those countries.

The 26 personal computers infected with the malicious codes had professional software programs installed, including Visual Studio 2008. The spy agency said such circumstances indicated that the attack was elaborately planned to prevent Internet protocol reverse tracking.

Web site disruptions abated yesterday on the fourth day of the DDoS attacks, however, with fewer cases of computer destruction by malicious codes reported. Online security experts said the situation shows signs of abating, though it is too early to feel totally safe.

They said the damage from the third round of attacks was smaller than the previous two because of relatively low Internet traffic and most of the affected Web sites changed their Internet addresses. The government also blocked host sites that cause unsuspecting users to download malicious codes.

There were no signs of a fourth round of attacks.

From midnight today, the malicious codes hidden in “zombie” computers began to be executed, formatting hard disks on those computers. Fears arose that as many as tens of thousands of computers could be destroyed, but just 263 computers were reported destroyed as of 4 p.m. yesterday.

Seoul will set aside 20 billion won (1.56 million U.S. dollars) to increase equipment to cope with additional DDoS attacks. It plans to install traffic distribution equipment on major public Internet sites.