North Korean army suspected over cyberattacks

SEOUL, South Korea — A North Korean army lab of hackers was ordered to "destroy" South Korean communications networks — evidence the isolated regime was behind cyberattacks that paralyzed South Korean and American Web sites — news reports said Saturday, citing an intelligence briefing.

Members of the parliamentary intelligence committee have said in recent days that the National Intelligence Service has also pointed to a North Korean boast last month that it was "fully ready for any form of high-tech war."

The spy agency told lawmakers Friday that a research institute affiliated with the North's Ministry of People's Armed Forces received an order to "destroy the South Korean puppet communications networks in an instant," the mass-circulation JoongAng Ilbo newspaper reported.

The paper, citing unidentified members of parliament's intelligence committee, said the institute, known as Lab 110, specializes in hacking and spreading malicious programs.

The Ministry of People's Armed Forces is the secretive nation's defense ministry.

The NIS — South Korea's main spy agency — said it couldn't confirm the report. Calls to several key intelligence committee members went unanswered Saturday.

The agency, however, issued a statement late Saturday saying it has "various evidence" of North Korean involvement, though has yet to reach a conclusion.

South Korea's Yonhap news agency carried a similar report, saying the NIS obtained a North Korean document issuing the June 7 order. The report, quoting an unidentified senior ruling party official, said the North Korean institute is affiliated with the North Korean People's Army.

The state-run Korea Communications Commission said Friday that it had identified and blocked five Internet Protocol, or IP, addresses in five countries used to distribute computer viruses that caused the wave of Web site outages, which began in the U.S. on July 4.

The addresses point to the computers that distributed the virus that triggered so-called denial of service attacks in which floods of computers try to connect to a single site at the same time, overwhelming the server.

They were in Austria, Georgia, Germany, South Korea and the U.S., a commission official said. He spoke on condition of anonymity because he is not authorized to speak to the media on the record.

Speculation over who was responsible for the attacks that targeted high-profile Web sites, including those of the White House and South Korea's presidential Blue House, has centered on North Korea.

And though such finger-pointing has been trickling out since the attacks began, the identity of the IP addresses themselves provides little in the way of clarity.