Who's really behind that cyberattack on South Korea?


A North Korean group was the major suspect, but an IP address associated with the attack traces back to China.

The jury's still out on who was behind Wednesday's massive cyberattack on South Korea, and we may never know the culprit with certainty.

But we do know one thing: the hackers' Internet protocol (IP) address traced back to China.

The attack, which paralyzed the networks of two banks and three television stations for a few hours, was certainly theatrical. A video showing what some affected computers looked like has found its way to YouTube. It depicts three robot-looking skulls, not unlike the series 800 Terminator, backlit with flashes of lightning. The hacker group, calling itself the Whois Team, wrote in oddly capitalized, unconversational English.

Hi !!!
We have an Interest in Hacking.
This is the Beginning of Our Movement.
User Accounts and All Data are in Our Hands.
Unfortunately, We have deleted Your Data.
We'll be back Soon.

It also advertises an email address, dbM4st3r@whois.com, that appeared to be inoperative when the Daily Dot attempted to contact the hackers.

This appears to run contrary to the most common speculation: that the attack was launched by the North Korean government. North Korea has long demonstrated it possesses the capability for these attacks; it's hacked South Korean banks before. It also has the motive, considering the country announced Friday that it had been the victim of cyberattacks from South Korea and the U.S. and hinted that it would retaliate.

The presence of the WhoIs group raises more questions than answers. As Ars Technica notes, it seems there were multiple attacks at the same time, and it's noteworthy that the attack seemed aimed at disruption, not at stealing data.

It's also entirely possible that the WhoIs group is not behind most of the network attacks. A representative for LG Uplus, the Internet service provider used by all five of the hacked networks, initially claimed WhoIs was not responsible.

And as for that Chinese IP address? That could mean anything. The U.S. and China have recently accused each other of attacks, each citing IP addresses coming from the other country. But it's not much of a challenge for a hacker to spoof an IP address. Besides, as cybersecurity expert Jeff Carr previously told the Daily Dot, China is a perfect scapegoat for any hacker.

"China is probably the perfect target right now for every other country in the world that wants to do cyber-espionage," he said. "All you've got to do is run it through a Chinese IP address."

Screengrab via Vitahumor/YouTube
