Denial of Service Attack: S. Korea U.S. Cyberwar and Intelligence

There is a great deal of misinformation regarding the Denial of Service attack that has been ongoing.  While many of the facts are not fully available, the misinformation is plainly visible.

  • First off, a denial of service attack (DDoS or DoS) can be launched from anywhere in the world.
  • Secondly, such an attack is typically carried out using computers that have been infected by malware – unbeknownst to the user / owner.
  • Thirdly, such attacks can be coordinated through multiple locations – the end result is that there is no absolutely clear view as to the originator of the crime.

The Wall Street Journal article, New Web Attacks Hit Some South Korean Sites, today blended two stories together: that of the cyberattack that is underway, and loose ties to how N. Korea is having leadership changes and is more aggressive militarily (a weak correlation to be sure).  Another news story at The Hankyoreh paper (link is in English and available in Korean) states that 26,000 computers in South Korea were executing the DDoS attack.  They provide an interesting perspective on how this attack differs from others.  It is inaccurate, however, for them to be physically examining a computer (as shown in the picture included in the article) and its chips to determine the cause of the attack – it is malware (MyDoom, Conficker, etc.).

Additional articles with information on this denial of service attack:

The security industry has been stating the danger of allowing such malware to infect systems, and the result is now evident.  This attack is only being orchestrated with 26,000 computers.  The University of California researchers had control of over 182,914 hosts – nearly 7 TIMES more systems – and this one attack that is ongoing is from one particular geographic location.

A note of caution: attacks such as this create a lot of noise.  Such noise can be used to conceal illicit activities of criminals.  In the security and audit world we expect, and have in place, technology to trigger alerts and initiate security protocols when such events occur.  If the number of events, however, exhausts the resources, then prioritization begins to play a part.  Businesses, and governments, must consider these conditions and risks when responding to such situations.
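To make the prioritization point concrete, here is an added example (not from the original post) of a small triage routine: volumetric flood alerts are collapsed into a single summary so the event is still tracked, while the rare non-flood alerts that the noise could bury are ranked to the top. The alert categories, hosts and counts are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Alert:
    ts: int          # seconds since epoch (constructed values)
    category: str    # e.g. "net.flood", "auth.fail", "data.egress"
    src: str         # source host of the alert
    severity: int    # 1 (low) .. 5 (high), as assigned by the sensor

# Constructed sample feed: 500 volumetric DDoS events from a bot range plus
# two unrelated alerts from internal hosts that the flood could otherwise hide.
SAMPLE_ALERTS = (
    [Alert(1000 + i, "net.flood", f"198.51.100.{i % 50}", 3) for i in range(500)]
    + [Alert(1200, "auth.fail", "10.0.0.7", 3),
       Alert(1250, "data.egress", "10.0.0.9", 4)]
)

def triage(alerts, noise_categories=("net.flood",), budget=10):
    """Collapse categories known to belong to the ongoing flood into one
    summary each (count and distinct sources kept), then return up to
    `budget` of the remaining alerts ranked by severity, oldest first on ties.
    Anything that survives the noise filter is rare during the event, so it
    is what an analyst's limited attention should go to."""
    counts, sources, queue = Counter(), {}, []
    for a in alerts:
        if a.category in noise_categories:
            counts[a.category] += 1
            sources.setdefault(a.category, set()).add(a.src)
        else:
            queue.append(a)
    summaries = [
        {"category": cat, "count": n, "distinct_sources": len(sources[cat])}
        for cat, n in counts.items()
    ]
    ranked = sorted(queue, key=lambda a: (-a.severity, a.ts))
    return ranked[:budget], summaries

if __name__ == "__main__":
    top, summaries = triage(SAMPLE_ALERTS)
    for s in summaries:
        print(f"flood summary: {s}")
    for a in top:
        print(f"review: {a.category} from {a.src} (sev {a.severity})")
```

Running this on the constructed feed prints one flood summary (500 events, 50 sources) and two alerts to review, with the data egress alert first.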

Situations such as these should evoke thought and action, but not necessarily motion – as Benjamin Franklin states quite eloquently, “Never confuse motion with action”.  It would be ill-advised for governments to erect vast regulatory bodies / Czars / Committee reviews of this situation – the cause and solution are known; just precise action and response is required.

Contrary Thoughts / Insights into the actual originators?

James DeLuccia IV

My profile on LinkedIN

I will be speaking at RSA 2009 Europe, please register and join the discussion on the future of data security and privacy (links coming soon)
