Denial of Service Attack Bombards South Korean Websites

In what appears to be a continuation of deliberate attacks by unknown factions, several media outlets report that the websites of nearly 40 South Korean agencies sustained a cyber attack on March 4, 2011.

News agencies have reported that several South Korean websites, including the Presidential Office, the Ministry of National Defense, the National Assembly and the Ministry of Foreign Affairs and Trade were attacked by cyber criminals on March 4, 2011. The attack was effective enough to shut down some of the sites. According to Stars and Stripes, Yonhap news reported that U.S. Forces Korea websites were attacked, but USFK spokesman David Oten “would not comment on whether U.S. military computers had been affected by the virus, citing policy meant to protect operational security.”

“There was a DDoS attack, but no damage was reported,” said a presidential aide at Cheong Wa Dae, the executive office of the President.

Media reports theorize that the attackers compromised two peer-to-peer file-sharing websites using malware. The attacks appear to be linked to a similar incident in July 2009, when nearly 30 organizations were overrun by a distributed denial of service (DDoS) attack. In both incidents, ‘zombie computers’ were used to carry out the attack. This method is an attractive option for the modern cyber criminal, because the use of zombie computers reduces the attacker’s risk of being detected, and by hijacking the computers of thousands of unsuspecting users, the attack is often quite effective.

Although the methods used to implement a DDoS attack vary, denial of service prevents an Internet site or service from functioning by overwhelming a web server with an unmanageable number of requests at a given time. In the attacks of July 2009 and March 4 of this year, the attackers compromised users’ personal computers with malicious code that caused their machines to attack South Korean websites without the users’ permission.

According to the Korea Herald, a Korea Communications Commission (KCC) official stated that “the number of zombie PCs, which are infected by malware and taking part in the attack, currently totals up to 11,000, much smaller than the 115,000 counted during the 2009 cyber attack.” He added that the South Korean government is “making preparation measures since the number [of zombie PCs] is likely to increase.”

After the incident, the Korea Communications Commission, the state telecommunications policymaker, released a second-level warning regarding the attack, indicating that the government will monitor any increases in online traffic and keep a close watch for malicious code that could be used to carry out a denial of service attack. Cyber security professionals are working with the South Korean government to address security flaws uncovered by the recent attack.

South Korean information security firm AhnLab said that additional attacks were expected, The Herald reports. The firm also said that the attackers hacked two local peer-to-peer file-sharing websites a day earlier, late on Thursday, and planted malware in the files.

Kim Hong-sun, chief executive of AhnLab, stressed the inherent dangers of spam and malware infection, and the preventative measures that can be taken. “For the PC to not be infected by the malicious code, one must have the latest security patch for the computer operating system and must update the vaccine program, along with checking the system in real time,” Hong-sun stated.

“The attached links sent through the e-mails and online messengers should not be clicked on and files should be screened when downloading them from peer-to-peer sites.”

In the 2009 attack, South Korean and U.S. websites were flooded with signals from infected computers, causing service disruptions. While reports vary, as many as 270,000 computers were used to attack U.S. and South Korea-based websites. The BBC reports that the 2009 attack was blamed on North Korea, although no evidence has been uncovered to support this claim.

The 2009 incident was traced to a Chinese IP address used by the North Korean Ministry of Post and Telecommunications. Following the attack, the government established a cyber security center designed to protect financial and economic institutions, claiming it would utilize various methods to mitigate the risk of future DDoS attacks.

The ultimate goal of these attacks remains a mystery. One might surmise that they were ‘nuisance’ attacks perpetrated by hackers who wanted to flex their collective brain cells; or worse, that they were coordinated efforts with an as yet unknown purpose. Either way, the purpose of the attacks and who coordinated them seem irrelevant. The end result is the same, and this recent wave of cyber crime might only be a precursor of what’s to come.

What is clear is how the increased vulnerability of corporate and institutional websites is often directly linked to factors outside the direct control of today’s IT manager. Peer-to-peer file sharing, phishing scams, email spam, social media spam, the advent of IPv6: all are reasons to consider the ‘X’ factor in today’s connected world, the computer on the other side of that fibre optic cable.
