SKorea spy agency hunts NKorean for cyber attack: report

Agence France Presse

Posted at Jul 11 2009 01:51 PM | Updated as of Jul 11 2009 09:51 PM

SEOUL - Seoul's spy agency has identified a North Korean hacker who could be behind a series of cyber attacks on South Korea and the United States, a newspaper reported Saturday.

The National Intelligence Service (NIS) has found an Internet protocol (IP) address used by a North Korean whose family name is Yun, an unnamed government official told the Chosun daily.

The NIS was put on alert in January after the North was found to be stealing data from information technology research institutions using "distributed denial of service" (DDoS) attacks, the newspaper said.

Hackers this week planted viruses in thousands of personal computers in South Korea and overseas.

The newspaper reported that the North began DDos attacks on a local network of the Korea Institute of Machines and Materials on June 30, which were carried out by North Korean hackers in China's northeastern city of Shenyang.

"The NIS has long been tracking IP proxies used by North Koreans and it has learned of some IP proxies used by the North Korean (military) hackers' unit," the official was quoted as saying.

"The NIS bases its belief that the attacks were the North's work on this fact."

According to Yonhap news agency, the NIS on Friday told lawmakers in a closed-door briefing that a North Korean research centre called "Number 110" seems to have orchestrated the attacks.

The research centre, which comes under the wing of the General Staff of the People's Army, "is a well-trained unit on cyber attacks" the source told the news agency.

The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions.

But a cyber attack, if confirmed, would be a new tactic.

The attacks have targeted government and private websites in the United States and South Korea.

The Korea Communications Commission said Friday there had been a lull in the attacks after "botnet" hosting servers were isolated and "vaccine" programs were widely distributed to PC users.