It follows a barrage of denial of service attacks that shut down South Korean and U.S. government sites throughout the week. In the latest wave of cyber attacks, hackers successfully shut down one government and six commercial sites in South Korea.
However, many of the targeted South Korean organisations re-established service to the affected sites within a few hours of the attacks. This recent incident follows on the heels of a week-long spate of attacks that have blocked access to at least 27 government and commercial sites in South Korea and the U.S., including those of the White House, the New York Stock Exchange, the Pentagon, the Department of Homeland Security, the Federal Aviation Commission, the Secret Service and The Washington Post.
U.S. government agency Web sites hit the hardest included the Department of Transportation, the Treasury Department and the Federal Trade Commission, which were shut down for days following the July 4 holiday weekend. Other sites, such as those of the Pentagon, were able to stave off the attacks and reestablish Web service relatively quickly.
South Korea pointed to North Korea or North Korean sympathizers for the attacks. "This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organisation on a state level," said officials at the South Korean National Intelligence Service in a statement.
But while security experts agree the attacks appear to be sourced from North Korea, there is no evidence indicating that the Pyongyang government was responsible. "When Pyongyang launch missiles, they're usually glad to say they did it," said Chris Bronk, Baker Institute fellow for technology society and public policy at Rice University. "We haven't really seen that yet."
Security experts say that the hackers behind the denial of service attacks, which began over the July 4 weekend, leveraged at least 50,000 to 60,000 computers in a global botnet -- a controlled network of compromised computers -- to execute the attacks that bombard certain Web sites with traffic. In South Korea, at least 11 major Web sites have been affected by the attacks, including sites for the Office of the President, the Defense Ministry, the National Assembly, Shinhan Bank, the newspaper Chosun Ilbo and Naver.com, according to a New York Times report.
Bronk said that despite the fact that North Korea is one of the least technologically advanced nations in the world, North Koreans still were capable of launching highly effective cyber attacks. "They take code pieces and try to compare them to what else is on the street in this domain," Bronk said. "It's doubtful that somebody built up a denial of service attack from nothing."
Other security experts confirmed that the hackers didn't build up the denial of service attacks from nothing. Paul Henry, security and forensic analyst for security company Lumension, said that the security community identified the malware used in the denial of service attacks as the virus MyDoom, which has been used for years by hackers to disrupt Web service. "The virus that refuses to die," Henry said. "Every time someone wants to make a political statement or try a new trick, they try it with MyDoom."
Security experts maintain that the cyber attacks -- known as denial of service attacks -- occur when a Web site is overwhelmed with more traffic than it can handle, which essentially chokes the site and shuts it down. The fact that a relatively simple attack could be executed and effectively used to shut down numerous high-level government Web sites indicates glaring weaknesses in the U.S. cyber infrastructure that need to be addressed, experts say.
Henry said that consequently, it has become more imperative for Washington to appoint a cybersecurity czar to oversee security operations. Also, Henry said that definitive policies need to be implemented requiring significant enhancements to U.S. cyber infrastructure. Henry said that some of those policies should include ensuring that security patches be deployed within 30 days of their release across government systems. Additionally, most users should not be allowed to log in with administrative privileges, which would prevent malware attacks from affecting an entire network, he added.
Meanwhile, whether the denial of service attacks will peter out or foreshadow imminent future attacks remains to be determined, Henry said. "I'm not losing sleep over it. If what this is all about is somebody sending a message, the message has been sent," Henry said. "If you want to create damage, there are far better ways of doing that."
See original article on CRN.com
Issue: 277 | March, 2010