A North Korean army lab of hackers was ordered to "destroy" South Korean communications networks — evidence the isolated regime was behind cyberattacks that paralyzed South Korean and American Web sites — news reports said Saturday, citing an intelligence briefing.
Members of the parliamentary intelligence committee have said in recent days that the National Intelligence Service has also pointed to a North Korean boast last month that it was "fully ready for any form of high-tech war."
The spy agency told lawmakers Friday that a research institute affiliated with the North's Ministry of People's Armed Forces received an order to "destroy the South Korean puppet communications networks in an instant," the mass-circulation JoongAng Ilbo newspaper reported.
The paper, citing unidentified members of parliament's intelligence committee, said the institute, known as Lab 110, specializes in hacking and spreading malicious programs.
The Ministry of People's Armed Forces is the secretive nation's defense ministry.
The NIS — South Korea's main spy agency — said it couldn't confirm the report. Calls to several key intelligence committee members went unanswered Saturday.
Virus tried to flood servers across globe
The agency, however, issued a statement late Saturday saying it has "various evidence" of North Korean involvement, though it has yet to reach a conclusion.
South Korea's Yonhap news agency carried a similar report, saying the NIS obtained a North Korean document issuing the June 7 order. The report, quoting an unidentified senior ruling party official, said the North Korean institute is affiliated with the North Korean People's Army.
The state-run Korea Communications Commission said Friday that it had identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of Web site outages, which began in the U.S. on July 4.
The addresses point to the computers that distributed the virus that triggered so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server.
They were in Austria, Georgia, Germany, South Korea and the U.S., a commission official said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.
Hackers likely disguised identity
Speculation over who was responsible for the attacks that targeted high-profile Web sites, including those of the White House and South Korea's presidential Blue House, has centered on North Korea.
And though such finger-pointing has been trickling out since the attacks began, the identity of the IP addresses themselves provides little in the way of clarity.
That's because it is likely the hackers used the addresses to disguise themselves — for instance, by accessing the computers from a remote location. IP addresses can also be faked or masked, hiding their true location.
South Korean media reported in May that North Korea was running an Internet warfare unit that tries to hack into American and South Korean military networks to gather confidential information and disrupt service. The Chosun Ilbo newspaper reported Friday that the North has between 500-1,000 hacking specialists.
The fact that some of the attacked sites — such as the ruling party and the office of President Lee Myung-bak — have links to the South Korean government's hard-line policies toward the North was cited as further reason why Pyongyang might attack them.
The North has drawn repeated international rebuke in recent months for threats and actions seen as provocative by the international community. Those include a nuclear test in May and short-range ballistic missile launches on July 4.
North Korea has not responded to the allegations of its involvement in the Web site outages.
The assaults appear to be on the wane. No new similar cyberattacks have been reported in South Korea since Friday evening, according to the state-run Korea Information Security Agency.