Search for source of cyberattack on S. Korea

SEOUL, South Korea -- Investigators have traced a coordinated cyberattack that paralyzed tens of thousands of computers at six South Korean banks and media companies to a Chinese Internet Protocol address, but it was still unclear who orchestrated the attack, authorities in Seoul said yesterday.

The discovery did not erase suspicions that North Korea was to blame. An IP address can provide an important clue to the location of an Internet-connected computer but can easily be manipulated by hackers anywhere in the world. An investigation into Wednesday's attack could take weeks.

By yesterday, only one of the six targets, Shinhan Bank, was back online and operating regularly. It could be next week before the other companies have fully recovered.

North Korea has threatened Seoul and Washington in recent days over UN sanctions imposed for its Feb. 12 nuclear test, and over current U.S.-South Korean military drills. It also threatened revenge after blaming Seoul and Washington for an Internet shutdown that disrupted its own network last week.

North Korea "will never remain a passive onlooker to the enemies' cyberattacks," state media said last week in a commentary. "The U.S. and its allies should be held wholly accountable for the ensuing consequences."

The attack did not affect South Korea's government, military or infrastructure, and there were no reports that customers' bank records were compromised. But it disabled cash machines, disrupting commerce in this Internet-dependent nation.