Hard disks could be wiped in Korea, U.S.

North Korea had been suspect in attacks on Web sites

SEOUL -- Cyber attacks slowing U.S. and South Korean Web sites could enter a new phase Friday by attacking personal computers and wiping out hard disks, a South Korean government agency and web security firm said.

North Korea was originally a prime suspect for launching the cyber attacks, but the isolated state was not named on a list of Web sites from five countries where the attacks may have originated, the Korea Communications Commission said.

The attacks targeting dozens of government and business sites in South Korea and the United States did not cause major damage or security breaches, experts said, but the KCC warned a new phase at 15:00 GMT on Friday could cause severe damage to PCs.

Leading South Korean web security firm Ahnlab, which has closely examined the attacks, said the new phase would target data on tens of thousands of infected personal computers.

"The affected computers will not be able to boot and their storage files will be disabled," said Lee Byung-cheol of Ahnlab.

Almost all of the sites that were out of service this week, including the South's Defense Ministry, were up and running, while Lee said the damage to Internet locations was dwindling due to better safeguards.

The KCC said host Web sites believed behind the original attacks were based in Germany, Austria, Georgia, the U.S. and South Korea. The location of the hackers behind the attacks was still unknown, it said.

South Korean MPs briefed by the National Intelligence Service said although Web sites in North Korea were not on the list, Pyongyang was still considered a suspect, Yonhap news agency said.

Internet access is denied to almost everyone in impoverished North Korea, a country that cannot produce enough electricity to light its cities at night. Intelligence sources say leader Kim Jong-il launched a cyber warfare unit several years ago.

Some analysts have questioned the North's involvement, saying it may be the work of industrial spies or pranksters.

The attacks will likely be seen by the North's leadership as a victory for Kim Jong-il -- even if Pyongyang was not involved -- because they added a new dimension to the threats posed by the state, which rattled regional security with a nuclear test in May and ballistic missile tests last week.

The attacks saturated target Web sites with access requests generated by malicious software planted on personal computers. This overwhelmed some targeted sites and slowed server response to legitimate traffic.

The so-called "distributed denial of service" hacking attack spreads viruses on PCs, turning them into zombies to simultaneously connect to specific sites, unbeknown to owners, experts said.

U.S. officials would not speculate on who might be behind the attacks but noted that U.S. government sites face attacks or scams "millions of times" a day.

Additional reporting by Rhee So-eui and Christine Kim.