North Korea launches web attacks against South Korea and USA?

Status
Not open for further replies.
V

Valdez

Me
Joined
Feb 4, 2009
Messages
327
Reaction score
0
More than two dozen Internet sites in South Korea and the United States, including the White House, were attacked in recent days by hackers that South Korea's spy agency said may be linked to North Korea.

U.S. government websites that had been targeted were up and running and day-to-day operations at the White House and Pentagon had not been affected, officials said.

U.S. officials also said it was premature to say who was responsible and that these types of Internet attacks happen every day on government networks.

South Korea's National Intelligence Service (NIS) said in a statement that an organization and possibly a state were behind the attacks in South Korea, the world's most wired nation, and there were signs of "meticulous preparations" for the act.

South Korean media, including Yonhap news agency, quoted parliament members as saying after a briefing with intelligence service officials that the spy agency believed "North Korea or pro-North elements" were behind the attacks.

"Malicious programs" were found targeting 26 U.S. and South Korean Web sites, NIS officials said, according to Yonhap. The attackers tried to jam the websites by overwhelming their data capacity and knocking them out of service, it said.

In the United States, the NASDAQ stock market said its website and business was unaffected by the cyber attack and the White House said all federal websites were "up and running."

The attack on websites had "absolutely no effect" on day-to-day operations at the White House, spokesman Nick Shapiro said.

"The preventative measures in place to deal with frequent attempts to disrupt WhiteHouse.gov's service performed as planned, keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected," he said.

Other public websites affected included the State, Treasury and Transportation departments, the Secret Service and the Federal Trade Commission, officials said.

The State Department said the attack against its state.gov website started on July 5. "It's still ongoing, but I'm told that it's much reduced right now," spokesman Ian Kelly said.

SPECULATION ABOUT NORTH KOREA

If North Korea was responsible, it would mark an escalation in tensions already high due to the reclusive communist state's nuclear test in May, its firing of seven ballistic missiles in July and repeated attacks on longtime foes Seoul and Washington in its official media.

Access to the Internet is denied to almost everyone in the impoverished North, but intelligence sources in Seoul have said the secretive state has stepped up a unit that specializes in cyber attacks.

Tim Stevens, a technology expert at King's College in London, said if North Korea was a source of the attack it was largely symbolic because most of the targets were not critical national infrastructure and the stock exchange was closed at the time of the attacks.

This type of "denial of service" attack was designed to disrupt rather than penetrate a system to obtain data, he said.

The websites of the South Korea's presidential office, defense ministry, and the National Assembly were saturated with access requests generated by malicious software on Tuesday, crippling server response to legitimate traffic, South Korea's Communications Commission said in a statement.

News of the attack pushed shares of some online security firms higher on Wednesday, with Ahnlab Inc up by the 15 percent daily limit on the junior Kosdaq market, which ended trading down.

A similar attack on major websites in Estonia two years ago prompted the NATO military alliance to review its response against possible "cyber-warfare."
Click to expand...

http://tech.yahoo.com/news/nm/20090708/tc_nm/us_korea_south_internet_10
 
And, as a counterpoint to the original article:

No sign of N. Korean backing in bot attacks on U.S. sites, says researcher

There's nothing in the code of the malware used since Saturday to attack a wide array of U.S. and South Korean government and high-profile Web sites that indicates the campaign is backed by the government of North Korea, a noted botnet researcher said today.

"There's nothing in there to suggest that it's state sponsored," said Joe Stewart, the director of director of SecureWorks' counter-threat unit, who has examined the attack code planted on the thousands of hijacked PCs used to conduct distributed denial-of-service (DDoS) attacks. "In fact, it looks like every other bot I see created by an intermediate programmer."

The attacks, which started Saturday when several U.S. government sites -- including those of the Federal Trade Commission (FTC) and the U.S. Department of Transportation (DOT) -- either knocked the sites offline or made it difficult for users to reach them.

DDoS attacks try to flood Web sites with so many requests that the hosting servers and bandwidth are overwhelmed, making them unavailable to legitimate users.

The number of sites targeted each day has increased, said Stewart, another indication that it's unlikely that a government is behind the attacks. "This looks like an attack designed to draw attention to itself, rather than to actually try to take these sites offline," he said, explaining how the attacks have been spread too thin to be effective.

"If it was state-sponsored, you'd think that the attacks would focus on just a few sites," he added.

Among the other clues that Stewart said he'd found in the code was that the attacker or attackers didn't bother to include any security software evasion components, something that most botnet builders use to try to hide the malware from antivirus scanners. "A state would try to be sneakier than this," Stewart argued.

While Stewart found no evidence of government backing of the DDoS attacks, reports from South Korea have claimed sources within the country's intelligence service implicated North Korea or North Korean sympathizers in South Korea.

Most of the machines in the 50,000-to-60,000-PC botnet used to attack sites in the U.S. and South Korea were physically located in the latter, noted Stewart. But that means little. "If you did want to launch a DDoS, South Korea would be a an obvious choice," he said, adding that the country is one of the most highly-networked in the world.

According to AhnLab, a Korean computer security company, the malware used to build the botnet responsible for the attacks was a modified version of MyDoom, a worm that first surfaced in early 2004.

The pattern of the attacks also led Stewart to downplay the likelihood that North Korea, or any national government for that matter, is behind the site attacks. The daily update that's fed to the bots, as the hijacked PCs are called, contains a target list, and that list points, again, to hackers rather than a state.

The first update, delivered July 5, included just five sites, all U.S. government sites, said Stewart, while July 6's update bumped up the number to 21, but still limited the targets to U.S.-based sites. Only on Monday, July 7, were South Korean sites added. The most recent update, pushed to the bots yesterday, included 26 different sites.

"That tells me the attacks were designed to draw attention, nothing more," said Stewart. "It was as if they launched the first [DDoS] attacks, but when those didn't get the attention they wanted, they expanded the list. They kept playing with the attack targets."

The attackers' motive is unclear, acknowledged Stewart, and without that, it may be impossible to determine who is actually behind them. "DDoS attacks for profit are usually extortion attempts, but obviously, they're not going to extort the U.S. or South Korean governments.

"We still see attacks from people who are clearly angry, like attacks against anti-malware sites," he continued. "But to do it against so many sites, they're trying to get attention. Why, we don't know. Maybe it's just someone who says 'I'm mad at capitalism.'"
Click to expand...
 
If it was NoKo, how hilariously stupid.

If not... what the hell are they doing it for?
 
I'm wondering at the idea of a country like North Korea trying to hack the White House. Okay, do they not know that the US has a history of tracking people through the internet and stuff? Hackers always get taken down, especially the ones on this level.
 
Ryuutakesh! said:
I'm wondering at the idea of a country like North Korea trying to hack the White House. Okay, do they not know that the US has a history of tracking people through the internet and stuff? Hackers always get taken down, especially the ones on this level.
Click to expand...

But many don't get caught.

A while back some Chinese guys hacked in to the government's websites, saying "I AM CHINESE!" and stuff.
 
What really surprises me is that anyone even noticed it. Somebody in the government must know their stuff.

Now, if only private industry bothered to spot and block hackers breaking into their systems and stealing names, credit card numbers, birth dates and social security numbers.
 
How come I got a feeling in the next 5 years, there won't be a North Korea anymore?
 
North Korea is throwing a hissy fit and hoping that the other world powers will be intimidated.

I hope we "intimidate" them back by blowing 'em up.

That'll teach them.
 
Jabberwocky said:
North Korea is throwing a hissy fit and hoping that the other world powers will be intimidated.

I hope we "intimidate" them back by blowing 'em up.

That'll teach them.
Click to expand...

WOO! Go Wockeh-san! *throws rice* XD
 
Status
Not open for further replies.
Back
Top Bottom