Hundreds of computers that helped cause a wave of outages on U.S. and South Korean government websites last July launched new attacks on the same sites, but no major interference was reported, police said Thursday.
The computers were programmed to attack every July 7, according to police, so this year’s assault appeared to be a continuation of last year’s, which began over the July 4 holiday weekend in the U.S. but reached South Korea on July 7.
More than 460 computers infected with malicious computer codes assaulted 25 websites, including those of the White House and South Korea’s presidential Blue House, on Wednesday, said Jeong Seok-hwa, a police officer handling investigations of the cyberattacks.
Although last year’s attacks were initially blamed on North Korea, experts have more recently said they have no conclusive evidence that it was behind the assaults.
The malicious computer codes, called malware, triggered denial of service attacks, in which large numbers of computers try to connect to a site at the same time in an attempt to overwhelm the server.
“But the attacks were so weak that there were no problems in accessing the sites,” Jeong said.
An analysis of an infected computer in Seoul showed that it was programmed to attack every July 7 and the malware used was identical to that used last year, said Hyun Jae-sub, another police official. In other words, the computers apparently attacked again this year because last year’s malware hadn’t been removed, not because another assault was launched.
Hyun said the attacks were traced to computers that participated in last year’s attacks and still were infected. He said about 270,000 infected computers were involved in the original assaults.
AhnLab, a top South Korean cybersecurity company, said it provided free vaccine programs — which can repair infected computers and prevent denial of service attacks — to computer users following last year’s attacks as part of efforts to prevent their recurrence. Police had no tally of how many were vaccinated.
Jeong said about 430 infected computers are in South Korea and others are traced to the U.S., Britain, China and Japan. Hyun said the Internet Protocol addresses — the Web equivalent of a street address or phone number — showed the attacks came from computers in South Korea but authorities have not yet located all the infected computers in the country.
AhnLab official Song Chang-min said owners of infected computers would not suspect they were compromised because the infection would not cause any problems or malfunctions in everyday use.
Later Thursday, new attacks were launched on 16 websites — including those of the Blue House and the Korea-U.S. joint military command. But no serious problems were reported, Jeong said.
The attacks came a month after two South Korean government websites were struck with denial of service attacks that officials said were traced to China.
Last year, government websites in South Korea and the U.S. were paralyzed by cyberattacks.
South Korean officials believed those attacks were conducted by North Korea, but U.S. officials have largely ruled out North Korea as the origin, according to cybersecurity experts.
Experts say there is no conclusive evidence that North Korea, or any other nation, orchestrated it.
South Korean media have reported that North Korea runs an Internet warfare unit aimed at hacking into U.S. and South Korean military networks to gather information and disrupt service.