SEOUL, South Korea (AP) — In an embarrassing twist to a coordinated cyberattack on six major South Korean companies this week, investigators said Friday they wrongly identified a Chinese Internet Protocol address as the source.
A joint team of government and private experts still maintains that hackers abroad were likely to blame, and many analysts suspect North Korea. But the error raises questions about investigators' ability to track down the source of an attack that shut down 32,000 computers Wednesday and exposed big Internet security holes in one of the world's most wired, tech-savvy countries.
South Korean investigators said Thursday that a malicious code that spread through the server of one of the hackers' targets, Nonghyup Bank, was traced to an IP address in China. Even then it was clear that the attack could have originated elsewhere because hackers can easily manipulate such data.
But the state-run Korea Communications Commission said Friday that the IP address actually belonged to a computer at the bank. The IP address was used only for the company's internal network and happened to be identical to a public Chinese address.
"We were careless in our efforts to double-check and triple-check," KCC official Lee Seung-won told reporters. He blamed the error on investigators' rush to give the public details on the search for a culprit.
Yonhap news agency, in an analysis Friday, called the blunder "ridiculous" and said the announcement is certain to undermine government credibility.
Yonhap criticized officials for failing to dispel public anxiety in a country where people's lives are closely interwoven with services provided by media and financial institutions.
An initial assumption that the attack came from abroad may have made investigators jump to conclusions, said Lee Kyung-ho, a cybersecurity expert at Seoul's Korea University.
"They rushed," he said. "They should've investigated by checking the facts step by step."
The investigation will take weeks. Investigators have said the attacks appeared to come from "a single organization" and suspect the hackers were from outside the country. Lee Seung-won, the KCC official, discounted the possibility that the attack could have come from within South Korea, but he didn't elaborate.