Some South Korean and U.S. Internet sites were down or slowed to a crawl for a third day on Thursday after attacks by a hacker that Seoul's National Intelligence Service said may be linked to a cyber warfare unit in the North.
The impact of the attack was seen as largely symbolic and experts said it did not represent an actual security breach or damage to the online infrastructure of the world's most wired country.
South Korean media, including Yonhap news agency, quoted parliament members as saying after an intelligence briefing on Wednesday that the spy agency believed North Korea or pro-North elements were behind the attacks.
But some analysts raised doubts the North was responsible, saying the implications of such a state involvement were severe, and it may be the work of industrial spies or pranksters instead.
South Korea's Communications Commission said in a statement that it had stepped up counter measures after Wednesday's fresh wave of attacks, asking Internet service providers to filter access by computers infected with malicious software.
South Korea's defense ministry Web site was among those that remained down for a third day and access to some U.S. government sites, including the State and Defense Department, from South Korea appeared to have been disabled.
An official with the Communications Commission said the impact could spread as more people go online through the day.
We've had the first wave and the second wave, and now there may be a third one, Park Chul-soon said on state-run KBS radio.
If the North was responsible, it would mark an escalation in tensions already high from Pyongyang's nuclear test in May, a barrage of ballistic missiles in July and repeated taunts of long-time foes Seoul and Washington in its official media.
Mark Rasch of SecureITExperts, a former U.S. Department of Justice official on cyber crimes, said the implications of a state sponsored attack were severe.
There's no difference between dropping a logic bomb and dropping a TNT bomb in the law of war, he said, but added that while North Korea could have been behind the maneuvers, they did not appear to be coming from computers physically based there.
Last month the North warned of high-tech war against the South for spreading what it said was false information about its involvement in cyber attacks.
As universally recognized, the U.S. is the kingpin of 'cyber attack' and 'hacker intrusion' on our planet, its official KCNA news agency said on June 27.
The DPRK is fully ready for any form of high-tech war, it said using the country's official name, the Democratic People's Republic of Korea.
An expert on the North at the Heritage Foundation, Bruce Klingner, said the North had in operation a military unit with up to 1,000 skilled computer hackers created 10 years ago.
Pyongyang has an extensive and capable cyber terrorism effort to provide asymmetric attack capabilities, he said.
Internet security shares were up sharply on Thursday for a third day led by AhnLab, which rose by nearly the junior Kosdaq market's daily limit of 15 percent.
Ahnlab, the country's leading online security firm, is among those whose Web sites are still under attack. The site froze before fully loading while displaying a broken link to a DDoS attack warning.
Distributed denial of service (DDoS) attacks are designed to disrupt rather than penetrate a system to obtain data.
Targeted Web sites are saturated with access requests generated by malicious software planted on personal computers, crippling or slowing server response to legitimate traffic.
(Additional reporting by Jungyoun Park; Editing by David Fox)