North Korea suspected of hacking Seoul's subway operator last year

A notice board for foreign residents outside the Daerim subway station in Seoul, Korea.
A notice board for foreign residents outside the Daerim subway station in Seoul, Korea.PHOTO: KIM JINHA

SEOUL (AFP) - North Korea is suspected of having launched a cyber attack last year on the South Korean capital's subway system that carries millions of commuters every day, a Seoul lawmaker said on Monday (Oct 5), citing intelligence reports.

The attack, staged between March and August 2014, affected several servers of Seoul Metro, which runs four major subway lines, ruling party legislator Ha Tae Kyung said.

Nearly 60 employee computers were infected by malware, Ha said.

After analysing the hacking records, the National Intelligence Service (NIS) found that the malware codes were similar to those North Korean hackers have employed before, he added.

A Seoul Metro spokesman confirmed the hack, but stressed that computers used for the direct operation of subway lines were not compromised.

"There were data and information leaks, but none related to direct operations," the spokesman said.

"We still don't know who was behind the attack," he added.

Seoul's subway network is one of the busiest in the world, carrying around 5.25 million passengers a day.

South Korea has blamed North Korean hackers for a series of cyber attacks on military institutions, banks, government agencies, TV broadcasters and media websites in recent years.

Last December, Seoul accused Pyongyang of launching a cyber attack on South Korea's nuclear power plant operator. Pyongyang denied any involvement and accused Seoul of fabricating the incident.

South Korea has strengthened Internet security since it set up a special cyber command in 2010, amid growing concern over its vulnerability.

The South's Defence Ministry believes North Korea runs an elite cyber warfare unit with up to 6,000 personnel, and regards its ability to launch hacking attacks as a major security threat.