SEOUL, South Korea (AP) — Investigators have traced a coordinated cyberattack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese Internet Protocol address, authorities in Seoul said Thursday.
IP addresses, which are unique to each computer connected to the Internet, can easily be manipulated by hackers operating anywhere in the world, and the investigation into who was actually behind Wednesday's attack and whether they were in China could take weeks. Suspicion for the simultaneous shutdown is still focused on North Korea, which has threatened Seoul and Washington in recent days over U.N. sanctions imposed for its Feb. 12 nuclear test and is accused of waging similar cyberattacks over the past four years.
The cyberattack did not affect the government or military, and there were no immediate reports that customers' bank records were compromised. But it disabled scores of cash machines across the country, disrupting commerce in this tech-savvy, Internet-dependent country, and renewed questions about South Korea's Internet security and vulnerability to hackers.
If the attack was in fact carried out by North Korea, the purpose would seem to be to send a tacit message — and a warning — to South Korea that Pyongyang is capable of breaching its computer networks.
On Thursday, only one of the six targets, Shinhan Bank, was back online and operating regularly.
South Korean investigators say there is no proof yet that North Korea was behind the attack. However, the outage took place as Pyongyang warned Seoul against holding joint military drills with the U.S. that it considers rehearsals for an invasion.
North Korea also has threatened retaliation for sanctions imposed for the nuclear test, as well as its launch of long-range rocket in December. Pyongyang blames Seoul and Washington for leading the push to punish the North.
The Korean Peninsula has remained in a technical state of war, divided by a heavily militarized border, since the foes signed a truce in 1953. Over the past decade, the two Koreas have engaged in deadly naval skirmishes in waters that both countries claim. And increasingly, their warfare has extended into cyberspace.
Seoul's National Intelligence Services believes Pyongyang was behind six cyberattacks between 2009 and 2012.
Pyongyang, meanwhile, blamed Seoul and Washington for an Internet shutdown that disrupted its network last week.
"If it plays out that this was a state-sponsored attack, that's pretty bald-faced and definitely an escalation in the tensions between the two countries," said James Barnett, former chief of public safety and homeland security for the U.S. Federal Communications Commission.
An ominous question is which other businesses, in South Korea or elsewhere, may also be in the sights of the attacker, said Barnett, who heads the cybersecurity practice at Washington law firm Venable.
"This needs to be a wake-up call," he said. "This can happen anywhere."
Wednesday's attack in South Korea, which disabled some 32,000 computers at broadcasters YTN, MBC and KBS, as well as three banks, appeared to come from "a single organization," regulators said. The initial findings were based on results from an investigation into one target, Nonghyup Bank, and the investigation is continuing into the shutdown at the five other firms.
A malicious code that spread through the Nonghyup server was traced to an IP address in China, said Cho Kyeong-sik, a spokesman for the state-run Korea Communications Commission.