North Korea suspected in cyberattack on U.S., South Korean sites

North Korea is the prime suspect in a big cyberattack against 11 U.S. government web sites as well as other sites in the U.S. and South Korea, the Washington Post reported.

No smoking-gun evidence has emerged yet as to who orchestrated the attack, which began Saturday and came from a botnet, a ring of 50,000 computers that have been hijacked by hackers. Thousands of the hijacked computers were in South Korea.

The attack reportedly knocked out the Federal Trade Commission’s web site for parts of Monday and Tuesday. Also attacked were the U.S. Department of the Treasury and Department of Transportation sites.

The attacks were “denial of service” attacks, which bombard sites with lots of traffic until they are overwhelmed. Such attacks, using hijacked computers, have been around for about five years.

To stop the attacks, web sites work with Internet service providers to block requests coming in from Internet addresses that are the source of the attacks. Some botnets have used as many as 200,000 machines, so the one employed here isn’t a giant one. As such, it’s more a nuisance than a real threat, said Dean Turner, director of Symantec Security Response.

In other words, while this is a serious problem, it’s not necessarily something to go to war over or to panic about. North Korea is suspected in part because government and banking sites in South Korea have also been hit. Hackers create botnets by using viruses to infect the machines of unsuspecting users. They then use the machines in a coordinated fashion. But Turner and others noted there is no evidence made public so far that indicates who is behind the attacks.

The attacks will likely heighten the Obama administration’s efforts related to cybersecurity. Charles Dodd, chief technology officer of Nicor Cyber Security, said in an interview last week that North Korea has an extremely focused effort on offensive cyber warfare and that the U.S. should organize its own efforts. Certain government ministries have been investing in offensive warfare for years, Dodd said.

In the past, the U.S. has concentrated on defending itself against cyber attacks. But Dodd says that kind of thinking doesn’t deter attackers. It’s sort of like where one side has nuclear missiles and the other side has a missile defense system. The side with the nuclear missiles has nothing to fear and so it will be motivated to attack. The U.S. should raise its offensive cyberwarfare capability, Dodd said, if only to deter attackers and to learn about how offensive warfare is orchestrated.

Meanwhile, Melih Abdulhayoglu, chief executive of security firm Comodo, said the attack shows that consumers need to protect their machines with anti-malware software to prevent them from becoming part of a dangerous botnet.

“Every unprotected can be taken over by the criminal underworld and rented to cyberterrorists and cybercriminals,” Abdulhayoglu said. “That is happening right now. The market is getting bigger and bigger. People are making millions of dollars running botnets.”