Tuesday, 26 April 2011

North Korea Responsible For Computer Attack

A massive denial of service attack that affected South Korean and U.S. forces’ Internet communications in 2009 originated from North Korea, former chairman of the Joint Chiefs of Staff, Marine Corps Gen. Peter Pace, said recently.

North Korea “rented” a botnet from a third party and used it to temporarily shut down Internet traffic in South Korea on July 4, 2009, Pace said at a cybersecurity symposium in Colorado Springs, Colo., on April 11.

George Kurtz, worldwide chief technology officer at the Internet security firm McAfee, told National Defense April 19 that it would not be surprising if North Korea were the instigator of the attack, although he had not heard any acknowledgment of that fact from official sources. Pace retired from service in 2007. He is now chairman and CEO of SM&A Strategic Advisors. At the time of the attack, he was a member of the Defense Policy Board, which advises the secretary of defense on policy matters. He remains a member of the board.

A denial-of-service attack usually involves flooding servers or other Internet nodes with information requests. Those attacking use thousands of computers whose users unknowingly have downloaded viruses that enslaved their operating systems. The goal is to slow down or even halt Internet communications, Dmitri Alperovitch, vice president of threat research at McAfee, said in a November interview about the South Korea incident.

In this case, the botnet sent requests to the U.S. government, stock exchange, Amazon.com and other websites. The attack temporarily caused the world to shut down Internet service coming from South Korea.

“Like terrorism, it’s often not the event that counts, but the response it provokes,” Alperovitch said.

In this case, the response of turning off traffic from South Korea was noteworthy. Most of the classified military network communications travel on the same undersea cables to and from South Korea as regular Internet traffic, Alperovitch noted. That would affect communications between U.S. forces, the South Korean government, U.S. Pacific Command and the Defense Department.

“Can you actually degrade a capability because most of the classified networks used the same undersea cables?” Alperovitch asked. “It’s an interesting motivation to explore.”

“It was pretty clear it was a politically motivated attack,” he added. Anti-South Korean and U.S. spam preceded the attack. There was little damage done in the United States, but the effects were more acute in South Korea, Alperovitch said.

Oddly, on July 10 the operation ended when the botnet operators sent out a command destroying the network of enslaved computers. That would be unheard of for a criminal group, who see these botnets as valuable tools, Alperovitch said.

North Korea, cut off from the world and the global economy, is not known as the most “wired” country. But the case shows that the level of entry for a nation wanting to launch such attacks, and possibly degrade the communications of an adversary, is not high.

Kurtz said, as far as renting a botnet, that is not a problem in the underground criminal cyber-economy. “Being able to rent one — cost is not an issue. They are out there and easy to find.”