South Korea has obtained intelligence that North Korea ordered a military institute of computer hackers known as Lab 110 to "destroy" its neighbour's communications networks last month, news reports said.
The National Intelligence Service told parliament of its finding on Friday, the JoongAng Ilbo newspaper reported, citing evidence the north was behind cyber attacks that paralysed major South Korean and US websites in recent days.
The newspaper, citing unidentified members of the parliament's intelligence committee, said Lab 110, which is affiliated with the north's defence ministry, received an order to "destroy the South Korean puppet communications networks in an instant".
The JoongAng Ilbo said Lab 110 specialised in hacking and spreading malicious programmes.
The NIS – South Korea's main spy agency – said it could not confirm the report. Calls by Associated Press to several key intelligence committee members went unanswered.
South Korea's Yonhap news agency carried a similar report, saying the NIS obtained a North Korean document issuing the order on 7 June. The report, quoting an unidentified senior ruling party official, said the North Korean institute was affiliated with the people's army.
The state-run Korea Communications Commission said it had identified and blocked five internet protocol (IP) addresses in five countries used to distribute computer viruses that caused the wave of website outages, which began in the US on 4 July.
The addresses point to computers distributing the virus that triggered the "denial of service" attacks in which many computers try to connect to a single site at the same time, overwhelming the server. They were in Austria, Georgia, Germany, South Korea and the US, a commission official said on condition of anonymity.
The attacks targeted high-profile websites, including those of the White House and South Korea's presidential Blue House.
Though fingers were immediately pointed at the north, the IP addresses themselves provide little in the way of clarity. It is likely the hackers used the addresses to conceal their identities – for instance, by accessing the computers from a remote location. IP addresses can also be faked or masked, hiding a computer's true location.
South Korean media reported in May that a North Korean internet warfare unit was trying to hack into American and South Korean military networks to gather confidential information and disrupt service. The Chosun Ilbo newspaper reported that the north had between 500 and 1,000 hackers.
Members of the parliamentary intelligence committee have said in recent days that the NIS also suspects North Korea because of a threat it made in state media last month where it boasted of being "fully ready for any form of hi-tech war".
The fact that some of the attacked sites – such as that of the ruling party and the office of President Lee Myung-bak – have links to the South Korean government's hardline policies toward the north were further cited.
The north has drawn repeated international rebukes in recent months for threats and actions seen as provocative by the international community. Those include a nuclear test in May and short-range ballistic missile launches on 4 July.