A fresh wave of cyber attacks that slowed U.S. and South Korean websites this week could come later on Thursday, a web security firm said, while the South's spy agency has said the hacking may be linked to North Korea.
The impact of the attacks, aimed at dozens of sites including the White House and the South's presidential office, was seen as negligible, experts said, but served as a reminder that Pyongyang has been planning for cyber warfare.
"The code has a schedule function," South Korean web security firm AhnLab said in a statement.
If the pattern follows, the next attack will occur at 6 p.m. on Thursday (5 a.m. EDT) and targeted sites would include banks, major portals and government offices, it said.
"The times and targets could change if a new strain of the computer virus is released," it said.
If the North was responsible, it would mark an escalation in tension already high from Pyongyang's nuclear test in May, a barrage of ballistic missiles in July and repeated taunts of long-time foes Seoul and Washington in its official media.
But some analysts raised doubts about the North's involvement, saying it may be the work of industrial spies or pranksters.
The attacks saturated target websites with access requests generated by malicious software planted on personal computers. This has overwhelmed some targeted sites and slowed server response to legitimate traffic.
PYONGYANG PLANS FOR CYBER WARFARE
The attacks did not lead to a breach of sensitive government material or damage online infrastructure in South Korea, the world's most wired country, government officials said.
South Korean media quoted parliament members as saying after an intelligence briefing on Wednesday that the spy agency believed "North Korea or pro-North elements" were behind the attacks.
South Korea's Communications Commission said in a statement that it had stepped up counter measures after Wednesday's fresh wave of attacks, asking Internet service providers to filter access by computers infected with malicious software.
South Korea's defense ministry website was among those that remained down for a third day and access to some U.S. government sites, including the State and Defense Department, from South Korea appeared to have been disabled.
An expert on North Korea at the Heritage Foundation, Bruce Klingner, said the North had in operation a military unit with up to 1,000 skilled computer hackers created 10 years ago.
"Pyongyang has an extensive and capable cyber terrorism effort to provide asymmetric attack capabilities," he said.
Internet access is denied to almost everyone in hermit North Korea, but intelligence sources said Pyongyang had placed a high priority on developing cyber attack skills.
Last month, the North warned of "high-tech war" against the South for spreading what it said was false information about its involvement in cyber attacks.
Internet security shares were up sharply on Thursday for a third day led by AhnLab, which rose by nearly the junior Kosdaq market's daily limit of 15 percent.
(Additional reporting by Rhee So-eui and Jungyoun Park in Seoul and Clare Baldwin and Jim Christie in San Francisco; Editing by Jon Herskovitz)