N. Korea suspected of hacking South’s subway operator

October 5, 2015
A subway station in Seoul bustles with commuters. (Yonhap)

A subway station in Seoul bustles with commuters. (Yonhap)

SEOUL (Yonhap) — North Korea is suspected of hacking into a Seoul subway operator last year for at least five months, a ruling party lawmaker said Monday citing a report submitted by the country’s intelligence agency.

After hacking into two operating servers of Seoul Metro, which runs Subway Lines 1 through 4, the hackers allegedly broke into more than 210 employee computers and infected 58 with malicious codes, Rep. Ha Tae-kyung of the ruling Saenuri Party said, quoting a report by the National Intelligence Service (NIS).

Computers used by those who work at the control center and power supplier were affected, raising safety concerns that the subway lines could have been exposed to potential terror threats.

“The computers that were hacked were only for office use, which is unrelated to the direct operation of the trains,” officials from Seoul Metro said. “After the probe by the NIS was done, we formatted all 4,240 computers for office use and reinforced our safety system.”

The NIS analyzed the hacking records from March 2014 to August 2014, but the date of the first attack and who carried it out are still unclear.

The agency said the tactics used coincided with that of cyber attacks that took place in March 2013 by North Korea on three South Korean banks, their insurance affiliates and three TV broadcasters, raising suspicions that the North could be behind the attack.

The Seoul Metro has been suffering from a series of cyber attacks. As of September 2015, more than 35,000 attacks have taken place this year, nearing the total 37,713 cases that took place last year.