South Korea again hit by cyber-attacks, as search for hackers intensifies
Even as a fresh wave of cyber-attacks today hit South Korean networks, computer analysts around the globe were predicting that the worst of the storm is over. According to media reports from Seoul, several institutions in South Korea were targeted Thursday, including Kookmin Bank, one of the country's largest corporations.
But officials in South Korea suggested that security programs had effectively blunted the assault, and told reporters that most sites were up and running at normal levels. In the US, where several government websites had come under fire from hackers, security teams have successfully repelled the threat, a White House spokesman said.
“The preventative measures in place to deal with frequent attempts to disrupt whitehouse.gov’s service performed as planned," Nick Shapiro said yesterday, "keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected.”
Meanwhile, security analysts set to work unpacking the exact nature of the campaign, which appeared to have been launched by a relatively unsophisticated team of hackers. The majority of the problems that plagued South Korean and US websites were caused by denial-of-service attacks, a tactic that floods a network with so many requests, that the network effectively shuts down.
"Experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since," Kim Zetter wrote yesterday on Wired's website. "The Mytob virus might have been used, as well."
The rudimentary nature of the cyber-attack has led many analysts to conclude the campaign may have been a glorified publicity stunt, created to grab headlines around the globe.
According to Joe Stewart, director of malware research at SecureWorks, “Usually you see a [denial-of-service] attack against one or two sites and it will be for one of two reasons — they have some beef with those sites or they’re trying to extort money from those sites," Stewart told Zetter. "To just attack a wide array of government sites like this, especially high-profile, just suggests that maybe the entire point is just to get attention."
The White House has declined to speculate as to the identify of the attackers, and South Korea says it is cooperating with the US investigation. But today, many in the US continued to point the blame at North Korea or pro-Pyongyang forces. Some Republicans took the attacks as an opportunity to berate the Obama administration.
Rep. Peter Hoekstra, the top Republican on the House Permanent Select Committee on Intelligence, told the Washington Times Thursday that North Korea was likely behind the recent cyber attacks. The appropriate response, he said, would be a "show of force or strength," adding that the administration's approach on "rogue nations" such as Iran and North Korea is not working.
"All of these folks believe that through the power of their personality or persuasion they can bring these irrational players to the negotiating table to do rational things," Hoekstra said. "And they're just wrong."
Analyst Rodger Baker told Reuters that the date of the attacks is close to the anniversary of the death of North Korea's founder Kim Il Sung, "which might lend some credence to speculation that the country was behind the attacks."
Others have responded with more equanimity. Several analysts quoted by Reuters said the cyber-assault may simply have been the work of pranksters, or hackers looking for financial reward.
In the blogosphere, a range of responses
"Whoever is behind this," Stephen Wildstrom of Business Week writes today, "it is disturbing to learn that a number of government agencies are still vulnerable even to a relatively unsophisticated attack, one that most Web-savvy businesses have long since learned to deal with."
In a short reported piece for the National Journal, John Maggs wrote, "This week's crude and fairly ineffective attacks on U.S. and South Korean Web sites were a minor event, network experts said, but could represent a warning shot portending much more serious threats to worldwide communications and commerce on the Internet."
At CrunchGear, Nicholas Deleon urged media around the world to take a more measured response to the attacks. "Even if there was some sort of coordinated cyber attack, how is that different from your everyday cyberattack?," Deleon wrote. "Quoth the Department of Homeland Security spokesman, 'The US sees attacks on its networks every day, and measures have been put in place to minimize the impact on federal Web sites.' No need to jump in your fallout shelter just yet."
For more tech news and updates, follow us @CSMHorizonsBlog.