Computers networks at two major South Korean banks and three top TV broadcasters went into shutdown mode en masse Wednesday, paralyzing bank machines across the country and prompting speculation of a cyberattack by North Korea.
Screens went blank promptly at 2 p.m. (0500 GMT), with skulls popping up on the screens of some computers – a strong indication that hackers planted a malicious code in South Korean systems, the state-run Korea Information Security Agency said. Some computers started to get back online more than 2 1/2 hours later.
Police and South Korean officials investigating the shutdown said the cause was not immediately clear. But speculation centered on North Korea, with experts saying a cyberattack orchestrated by Pyongyang was likely to blame.
The shutdown comes amid rising rhetoric and threats of attack from Pyongyang in response to U.N. punishment for its December rocket launch and February nuclear test. Washington also expanded sanctions against North Korea this month in a bid to cripple the regime's ability to develop its nuclear program.
North Korea has threatened revenge for the sanctions and for ongoing routine U.S.-South Korean military drills it considers invasion preparation.
Hackers en masse have hit South Korea's computer (represtational pic)
Accusations of cyberattacks on the Korean Peninsula are not new. Seoul believes Pyongyang was behind at least two cyberattacks on local companies in 2011 and 2012.
The latest network paralysis took place just days after North Korea accused South Korea and the U.S. of staging a cyberattack that shut down its websites for two days last week. The Thai-based Internet service provider confirmed the outage, but did not say what caused the shutdown in North Korea.
“It's got to be a hacking attack,” Lim Jong-in, dean of Korea University's Graduate School of Information Security, said of Wednesday's events. “Such simultaneous shutdowns cannot be caused by technical glitches.”
Shinhan Bank, a lender of South Korea's fourth-largest banking group, reported a system shutdown, including online banking and automated teller machines. The company couldn't conduct any customer activities at bank windows, including retail and corporate banking.
At one Starbucks in downtown Seoul, customers were asked to pay for their coffee in cash, and lines were forming outside disabled bank machines. Seoul is a largely cashless society, with many people using debit and credit cards.
Broadcasters KBS and MBC said their computers went down at 2 p.m., but officials said the shutdown did not affect daily TV broadcasts.
YTN cable news channel also said the company's internal computer network was completely paralyzed. Local TV showed workers staring at blank computer screens.
The South Korean military raised its cyberattack readiness level Wednesday following the shutdown, the Defense Ministry said. Defense officials reported no signs of cyberattacks on its ministry's computer network and had no immediate details about the broader shutdown.
LG Uplus Corp., South Korea's third-largest mobile operator, which also operates landline services, said the company's networks are operating normally and it did not see any signs of a cyberattack, company spokesman Lee Jung-hwan said.
The companies whose networks shut down Wednesday afternoon use not just LG Uplus' services but also other services from SK Telecom Co. and KT Corp, he said.
The investigation will take months, Lim said.
“Hackers attack media companies usually because of a political desire to cause confusion in society,” he said. “Political attacks on South Korea come from North Koreans.”
Massive shutdowns of the networks of major companies take at least one to six months of planning and coordination, said Kwon Seok-chul, chief executive officer of Seoul-based cyber security firm Cuvepia Inc.