

An IP in Britain is responsible for the attacks on U.S. and South Korean government sites, says a Vietnamese security researcher. The report contradicts U.S. intelligence claims that the attacks came from North Korea, and would be an embarrassment to U.S. cyberintelligence efforts if it holds true.  (Source: ZDNet)
Maybe North Korea wasn't to blame after all

A botnet of infected computers launched a massive distributed denial of service attack over the Fourth of July weekend, taking down many U.S. government civil sites.  Among those put offline were the U.S. Departments of Transportation and Treasury, the U.S. Federal Trade Commission, and the Secret Service website.

South Korea was the second biggest victim of the attacks, which continued this week.  Because the attacks targeted the U.S. and South Korea, security researchers put two and two together and hypothesized that the attacks were masterminded by North Korea, headed by dictator and self-proclaimed "internet expert" Kim Jong-Il.

However, sites in Japan, Canada, Australia, the Philippines, New Zealand, the U.K. and Vietnam were also attacked.  And now a security researcher from Vietnam claims he has data which contradicts U.S. and South Korean intelligence and places the blame for the attacks on malicious parties in Britain.

According to Nguyen Minh Duc, senior security director at Bach Khoa Internetwork Security (Bkis), the infected computers sent requests every three minutes to one of eight servers.  Bkis claims to have gained control of two of the eight servers and used them to discover the master server, which has an IP in the range 195.90.118.x.  This IP is apparently registered to Global Digital Broadcast in the U.K.

States Mr. Duc, "Having located the attacking source in UK, we believed that it is completely possible to find out the hacker."

His data indicates that the attack affected 166,908 PCs in 74 countries, more than the "several tens of thousands" figure that U.S. intelligence and security firms previously released.  By his estimates, the most infected computers were in South Korea, with the U.S., China, Japan, Canada, Australia, the Philippines, New Zealand, the U.K. and Vietnam following.

If Mr. Duc's conclusions hold true, it would be a major victory for his security firm.  Security researchers, though, remain skeptical of his claims.



Comments

that makes absolutely no sense
By superPC on 7/15/2009 10:54:08 AM , Rating: 2
What would a person in the UK gain by attacking websites in South Korea and the US?




RE: that makes absolutely no sense
By ClownPuncher on 7/15/2009 11:07:31 AM , Rating: 5
Fourth of July weekend, Independence from Britain...it's the 1770's all over again, only with computer whizbangs and internet doohickies! Down with King_George@tyrantmail.com!


RE: that makes absolutely no sense
By marvdmartian on 7/15/2009 4:01:47 PM , Rating: 5
So that's one LED lamp if by land, two LED lamps if by sea, right?? ;)

Shoot, anyone invades another country, it'll probably be on Twitter within 2 minutes!!


RE: that makes absolutely no sense
By Cypherdude1 on 7/15/2009 6:06:46 PM , Rating: 4
Vietnam has an Internet? I didn't know Vietnam has an Internet. I thought all they had were mopeds and water buffalo.

(you wouldn't hit a guy with glasses, would you?)

B ^D


RE: that makes absolutely no sense
By globetek on 7/15/09, Rating: -1
RE: that makes absolutely no sense
By sbtech on 7/16/2009 4:00:38 AM , Rating: 2
You even quoted his comment in brackets and still did not get the joke?


RE: that makes absolutely no sense
By Brandon Hill (blog) on 7/15/2009 11:08:47 AM , Rating: 2
What about the UK guy that hacked into NASA claiming to be looking for evidence of aliens?

http://www.dailytech.com/British+Hacker+Fights+Ext...


RE: that makes absolutely no sense
By xKeGSx on 7/15/2009 11:14:44 AM , Rating: 3
What about doing it remotely from an ip in the UK? Can't say it's the first time it's been done....


RE: that makes absolutely no sense
By xKeGSx on 7/15/2009 11:15:51 AM , Rating: 3
"From" should read "through"


By Digimonkey on 7/15/2009 11:55:58 AM , Rating: 3
I'm sure the investigation was a lot more than a whois or nslookup.


RE: that makes absolutely no sense
By HaB1971 on 7/15/2009 11:15:01 AM , Rating: 5
Maybe they were looking for the 'Back Rent' that has been owed since the 1770's? and maybe they are driving a KIA that has died for the 237th time?


RE: that makes absolutely no sense
By WinstonSmith on 7/15/2009 11:34:16 AM , Rating: 2
"what would a person in UK gained with attacking website in south korea and US?"

Just a kook doing his own version of an amateur "false flag" "wag the dog" operation or the manipulation of a kook by state agency(ies) to accomplish same while providing "plausible deniability."

Note my only other post on this when the news first appeared stated the usefulness of this as a false flag provocation. Hostile governments would have no incentive to investigate fully and would simply use the event to back their agendas.


By WinstonSmith on 7/15/2009 11:44:48 AM , Rating: 2
I need to modify my statement above. Governments attacked would have every reason to investigate and every reason not to release the result of their investigation if that result conflicted with their agenda. That would be "Classified Information" whose release would "endanger national security (tm)." Do you really think the governmental investigations that must have taken place reached a result any different from this guy's? But we didn't hear it from them, did we? Go figure...


By Steve1981 on 7/15/2009 12:06:04 PM , Rating: 2
Jailtime, with any luck.


RE: that makes absolutely no sense
By AshT on 7/15/2009 12:50:36 PM , Rating: 4
Sorry!

My bad, I downloaded some kiddy scripts and I meant to put 'Attack North Korea' in the drop down box and I accidentally put 'Attack US and South Korea'

Sorry again!


RE: that makes absolutely no sense
By Chadder007 on 7/15/2009 3:47:00 PM , Rating: 4
It was someone in North Korea, RDP'ing into a UK computer. :D


By segerstein on 7/15/2009 5:05:03 PM , Rating: 5
quote:
It was someone in North Korea, RDP'ing into a UK computer. :D


It's DPRK ing :D


Whoops
By Danger D on 7/15/2009 11:24:41 AM , Rating: 5
Well that's uncomfortable.

I love how the previous article said “early reports indicate North Korea may be behind the attacks.” And this one pins the blame on “malicious parties in Britain.”

So, if it comes from North Korea, it’s North Korea that is behind the attack, but if it comes from the UK, it’s not the UK that is behind the attack. It’s “malicious parties.”




RE: Whoops
By Digimonkey on 7/15/2009 11:40:48 AM , Rating: 5
Probably has something to do with the thought that the citizens of North Korea are too busy trying not to starve to death instead of wasting time DoSing insignificant targets on the Internet, but yeah I can see your point.


RE: Whoops
By theapparition on 7/15/2009 11:54:22 AM , Rating: 3
It might seem like bias from your point of view, but when you look at the facts, things become more clear.

Any UK citizen can have access to a computer, the internet, and has freedom to do many activities.

North Korean citizens are generally not allowed to have personal access to computers and any external internet links are government controlled.

So yes, any attack originating in North Korea would have to be government sponsored, while an attack originating from the UK could be anyone.

See the difference.


RE: Whoops
By Danger D on 7/15/2009 12:50:10 PM , Rating: 3
It’s important to question our assumptions. It’s not a stretch to say people jumped to conclusions pretty quickly on this issue. North Korea is immediately assumed to be the culprit based on the following evidence: the US and South Korea were targets (forget about the other 72 countries targeted).

That is what you’d call highly circumstantial at best. While this new information has yet to be proven as well, at the very least it indicates that the “security researchers” should shut up and show some prudence until we have some evidence that actually points at someone.

Jumping to conclusions and assuming state-sponsored cyber-terrorism by North Korea undermines our legitimacy when making serious claims of human rights abuses and other travesties that the government there actually does commit.

Even if those conclusions aren’t directly made by our government. Newspaper and internet headlines making the allegations do create the impression that Americans blame North Korea.


RE: Whoops
By omnicronx on 7/15/2009 12:00:07 PM , Rating: 2
You do know how the people of North Korea live, right? Everything and anything is controlled by the government and only a very small percentage of the people even have access to the internet in the first place. If there ever was an attack that came from North Korea, there would be a very high chance of government involvement.


RE: Whoops
By masouth on 7/15/2009 3:46:53 PM , Rating: 2
well by North Korea they may just mean Kim Jong-il.

He is an "internet expert" you know. I bet Al Gore is upset. He never meant it to be used this way.

First North Korea...then China....now UK. In a few more days I'm going to be reading that I am the evil mastermind behind it.

I'm not surprised, I never did trust myself and I have way too much time on my hands.


Does it matter where the attack originated?
By nafhan on 7/15/2009 1:39:37 PM , Rating: 3
I don't see why the attack originating in the UK means it couldn't have been North Korea masterminding it. It would probably be in North Korea's best interest to make it look like the attack originated in a country other than North Korea.

Plus, I would imagine the amount of internet bandwidth to/from North Korea is a bit lower than that of the UK, making it advantageous to host attacks from outside the country for technical reasons as well.




By DotNetGuru on 7/16/2009 6:00:30 PM , Rating: 2
If you really want to blame NK for this (and you do), don't let any conflicting (or lack of supporting) evidence stand in your way. And I'm sure it is in NK's "best interest" to make this look like the Brits did it, because they wouldn't want the US to think they didn't like us for some reason and risk losing their BFF, lol.
Come on!! Think about it. It always comes back to motive. Who benefits from this nonsense?
NK is already doing everything they can to show the world how tough they are. Yet it's still none of our freakin business, so we need to get a little public outrage going.
It's probably too soon to fake another 'terrorist' event so we'll stage an attack on our intarnetz. People will be terrified that the interwebs are under attack. Nancy Grace will break in to her ongoing coverage of Jackson or some-missing-kid to scare as many idiots as she can.
Average Jane doesn't understand that a DoS 'attack' on a public website is not really a big deal and happens all the time. But frame it as the North Koreans declaring war on our Internets and you'll get all the mouth-breathers ready to bomb Saddam again (or whoever Rush tells them is at fault). Disgusting. This is probably either a not-so-well-thought-out wag the dog type ploy or Israel trying to coax US into taking out another one of those pesky neighbors of theirs. Or maybe it's those city-of-london-types pushing their globalist agenda by tricking US into occupying yet another sovereign nation. Who knows...


Was it...
By SavagePotato on 7/15/2009 12:57:03 PM , Rating: 2
Anarchy in the UK?

Seriously though, how could North Korea do a sustained DDoS attack? That's one hell of a lot of North Koreans pedaling bicycles to power up the country's array of Commodore 64's.




RE: Was it...
By SiliconJon on 7/15/2009 12:59:22 PM , Rating: 2
I find that offensive - you know good and well that's where all the C128's went.


Who said anything about Mi6?
By SiliconJon on 7/15/2009 12:54:00 PM , Rating: 2
Wasn't me - I would never make such an assumption.

Arrr, we shall attack one foe with the flag of another foe on our mast, and watch as we set one foe against another. Or, we can attack our very powerful allies under our foes own flags to give them the nudge they need to assist us in our battle against what will become a common foe. Or we can use one of our own elite squads to attack ourselves under a foe's flag to get our own people behind our agenda, for the little damage we cause will be far less than that of inaction.

Aye, me matey, tis a plan.




By CZroe on 7/15/2009 1:04:40 PM , Rating: 2
There's a huge difference between the earliest point in the path it can be traced back to and the origin. Just because it came through the one server doesn't mean it didn't hop, which it is VERY likely to do. Calling it by made-up names like "master server" just because it was controlling other servers in the botnet or being reported to or polled by other servers in the botnet doesn't mean that it was operated from it. Durr. In fact, it would be stupid to operate from the one that they all point back to.

This is just an example of someone trying to lend more importance to what he knows than it deserves to stroke his own ego. Just because it wasn't publicly known doesn't mean he's the only one to know it. As far as he knows, it has been investigated further and deeper already or else they have discovered what he knows and rightfully disregarded it to look at other more relevant evidence, such as the sites attacked. After all, it is irrelevant.




I know what it is!
By Pythias on 7/15/2009 5:22:53 PM , Rating: 2
Someone's mad because Bisping got KTFO by Hendo. :D




No it originated in Florida
By Dribble on 7/17/2009 5:18:35 AM , Rating: 2
After all the sensationalist news someone bothered to contact the UK ISP who traced the attack further back to a computer in Florida.




"I'm an Internet expert too. It's all right to wire the industrial zone only, but there are many problems if other regions of the North are wired." -- North Korean Supreme Commander Kim Jong-il













