
South Korean, U.S. networks still being targeted days after massive attacks

Days after systematic cyber attacks against government and financial institutions crippled computer networks in South Korea and the United States, additional cyber attacks have hit both nations.

The U.S. State Department said its networks are still being targeted, but at lower volumes than in the first wave of attacks earlier in the week. South Korean officials said some of their government networks are still being targeted, but they have also noticed a dramatic decline in the attacks following July 4.

The botnet had at least 100,000 hijacked computers in South Korea, Japan, China, the U.S. and other countries, which makes accurately tracing the source of the attacks extremely difficult.

"The anticipated attack did take place, but considerable countermeasures were taken and it did act as a defense to some degree," an Ahnlab security firm official told Reuters.  Ahnlab also pointed out that "tens of thousands" of affected computers could have problems booting up, although other experts have not been able to verify that number.

Several U.S. federal agencies will now monitor popular online hacker hideouts, while security experts attempt to locate any digital fingerprints left behind in computer code.  The group responsible appears to be rather unorganized and possibly inexperienced, causing experts to note how a larger, more organized group may be able to cause a higher level of cyber damage to targets.

Security experts are now trying to figure out who is behind the cyber attacks, though early reports indicate North Korea may be behind the attacks.  China and North Korea were both immediately suspected of the attacks, but Chinese officials denied the accusations, saying there was no reason for them to launch so many attacks against South Korea.

The country, unlike China and some regions in Eastern Europe, reportedly has not launched organized cyber attacks before, but this could mark its entrance into cyber warfare.

Moving forward, security experts are concerned the cyber attacks could spread from major computer networks to individual PCs, with hackers possibly hijacking them and turning them into zombies. If this truly is a cyber war, it appears there is very little the U.S. and South Korea can do against the perpetrators -- assuming they're accurately identified in the first place -- which could lead to further attacks from the same group.


By Regs on 7/10/2009 8:40:54 AM , Rating: 2
Come out and fight like real men. You want to start a war?

When will cyber attacks ever be taken seriously when a country or organization commits it? What if one of these days we had a fire sale, something that could have been preemptively stopped, but we don't believe cyber crime justifies a preemptive measure except for boosting defenses?

RE: !#!$#s
By wrekd on 7/10/09, Rating: -1
RE: !#!$#s
By Regs on 7/10/2009 9:04:43 AM , Rating: 1
I didn't mean just bombs you dumb idiot. We could have done a lot more before 9/11 with just our thumbs up our arse though. This includes actually investigating and making arrests. Now what if a country did it? What's your solution? Wait until a few buildings burn down to the ground or your precious retirement fund disappears?

RE: !#!$#s
By wrekd on 7/10/2009 11:45:17 AM , Rating: 2
I'm not really sure what you mean. You tried to paint a picture that we are weaker for not preemptively stopping an imaginary fire sale. You talked about preemptive measures and asked them to come out and fight. But they are coming out to fight; it's just a different kind of soldier this time.

I was just trying to get at what you meant by preemptive measures. To me, and in today’s world, preemptive measures means someone’s privacy, property, and security could be marginalized for the greater good of some group. I don’t like preemptive postures and I’m sure I’m not alone.

If someone punches you in the face, then punch them back. But I don’t think we should provoke and attack, or simply just attack first, because we think one could be coming.

RE: !#!$#s
By MrBlastman on 7/10/2009 1:45:19 PM , Rating: 2
Who is this "we?" I'm not part of it.

Oh, I suppose by your not believing in pre-emptive measures that means you are all for removing our missile defense systems and are against installing more of them?

Hey, the world is a nice and friendly place, nobody would ever try to nuke or bomb us here in America. :-| Isn't this the same kind of thinking that was big and prominent during the Clinton era that led to 9/11?

What a sack of poo. If anything, we should be hacking the Chinese/N. Koreans right back - hack them into the ground.

However, since you are speaking of the "internet community," I propose a simple solution: Take our best gamer and challenge their best gamer to a duel in Quake or Doom to decide the war. Winner takes all. Nobody fires a single shot or kills a single baby.


RE: !#!$#s
By wrekd on 7/10/09, Rating: 0
RE: !#!$#s
By rcc on 7/10/2009 3:20:01 PM , Rating: 4
Well, "we" the internet community, do not collectively believe that preemptive measures are needed. Lay off the Fox News.

Perhaps your "we" the internet community was a bit optimistic? Because based on experience "we" never all agree on anything.

RE: !#!$#s
By wrekd on 7/10/2009 11:01:47 PM , Rating: 2
I give up, yall win!

Funny because I agree.

RE: !#!$#s
By FITCamaro on 7/10/2009 9:14:40 AM , Rating: 2
Well I'm glad you've been appointed to speak for the world as to what we all think.

RE: !#!$#s
By wrekd on 7/10/2009 11:21:21 AM , Rating: 1
That was the whole point of my statement and why I quoted "we".

RE: !#!$#s
By amanojaku on 7/10/2009 8:55:52 AM , Rating: 4
"Come out and fight like real men."
Warfare isn't about proving who's more manly. It's about piling up the bodies faster than your enemy. Sometimes that's best accomplished without guns, clubs or rocks. First guns separated combatants, then artillery, then bombs, then germs. Now cyber crime pops up and it basically shuts everything down so we have to go back to guns, rocks and clubs. The more things change...

RE: !#!$#s
By bhieb on 7/10/2009 10:03:01 AM , Rating: 3
Wow guys use the foil for baking not hats. No doubt China is funding some of this behavior, but why do people see this particular attack as a threat? Come on these are DoS attacks on public sites, hardly capable of "shutting down" anything.

There is no real protection from a good DDoS. If you have a public site and a limited bandwidth (and everyone is limited to some degree), and someone has access to enough bots, they can effectively shut down the site. Just part of being on the public net. It is no different from me screwing with my friends back in 1992 on 14K dialup on AOL by pinging them till their connection dropped. Little fancier but the same concept.

Overloading the bandwidth of a public site is hardly professional hacking, and in no way is it capable of shutting down closed loop systems like the power grid. Hell most of the time Apple and MS do it to themselves each time they release a popular update, with not enough bandwidth to accommodate demand.

RE: !#!$#s
By HrilL on 7/10/2009 3:22:54 PM , Rating: 3
It's not really the limited bandwidth. It's actually the CPU in the server that can't handle the amount of requests. In my ethical hacking class we attacked one machine from about ten others. This was done on a network with 100Mb/s of bandwidth and the most we consumed was 10Mb/s on the NIC of the machine under attack. The CPU usage went up to 100% and the machine pretty much just froze up but it was responding to some of the requests and also we were hitting it with millions of half open connections which then have to timeout before they'll close. This form of attack can be protected against with a firewall that will close half open connections if they reach over a certain number.

Now you can also use massive amounts of bandwidth and just flood the host connection and this will make it so legit traffic can't get through either. This type of attack can't really be defended against because the only way would be to start blocking IPs or ranges of them and this won't stop the connection from being overloaded because the packets won't be dropped until they hit the firewall.
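
A toy model of the defense described in the comment above (a firewall that closes half-open connections once they pass a threshold), added here as an illustration and not part of the original comment. The backlog size, timeout, per-source limit and documentation-range addresses are assumptions, and the traffic is constructed.

```python
from collections import defaultdict

BACKLOG = 256        # half-open slots the server can hold (assumed value)
SYN_TIMEOUT = 30.0   # seconds before an unanswered half-open entry expires (assumed)

class HalfOpenTracker:
    """Toy model of a stateful firewall in front of one server."""

    def __init__(self, per_source_limit=None):
        self.per_source_limit = per_source_limit  # None = no threshold
        self.half_open = {}                       # (src, sport) -> time SYN was seen
        self.by_source = defaultdict(int)         # src -> current half-open count
        self.blocked = set()                      # sources that passed the threshold

    def _close(self, key):
        if self.half_open.pop(key, None) is not None:
            self.by_source[key[0]] -= 1

    def _expire(self, now):
        for key in [k for k, t in self.half_open.items() if now - t >= SYN_TIMEOUT]:
            self._close(key)

    def syn(self, now, src, sport):
        """Return True if the SYN is admitted to the backlog."""
        self._expire(now)
        if src in self.blocked:
            return False
        if self.per_source_limit is not None and self.by_source[src] >= self.per_source_limit:
            # Threshold reached: close this source's half-open entries, refuse more.
            for key in [k for k in self.half_open if k[0] == src]:
                self._close(key)
            self.blocked.add(src)
            return False
        if len(self.half_open) >= BACKLOG:
            return False                          # backlog full: the SYN is lost
        self.half_open[(src, sport)] = now
        self.by_source[src] += 1
        return True

    def ack(self, src, sport):
        """Handshake completed: the entry leaves the half-open table."""
        known = (src, sport) in self.half_open
        self._close((src, sport))
        return known


def simulate(per_source_limit):
    """Constructed traffic: 10 sources that never ACK, 1 client that does."""
    fw = HalfOpenTracker(per_source_limit)
    flooders = [f"198.51.100.{i}" for i in range(1, 11)]
    completed = 0
    for tick in range(200):                       # 200 ticks of 10 ms each
        now = tick * 0.01
        for src in flooders:
            fw.syn(now, src, 1024 + tick)         # SYN only, never completed
        if tick % 10 == 0:                        # legitimate client, every 100 ms
            if fw.syn(now, "203.0.113.7", 40000 + tick):
                completed += fw.ack("203.0.113.7", 40000 + tick)
    return completed, len(fw.half_open)           # (client handshakes, table size)
```

Without a threshold the table fills and the client completes 3 of its 20 handshakes; with a per-source limit of 20 it completes all 20. In this model the threshold helps only while the number of sources times the per-source limit stays below the backlog size.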

By Baltar on 7/10/2009 9:05:27 AM , Rating: 5
This is what happens when you remove Lanplay from Starcraft 2.

RE: Blizzard.
By HostileEffect on 7/10/2009 9:09:53 AM , Rating: 2
+1, but they hit the wrong person.

RE: Blizzard.
By samoya22 on 7/10/2009 9:24:08 AM , Rating: 2
+1 Kim Jong-Il has long been suspected of being an avid SC2 fan. I'm surprised he hasn't kidnapped one of their developers yet.

RE: Blizzard.
By bodar on 7/10/2009 2:43:55 PM , Rating: 2
Glorious Leader Kim Jong-Il is so magnificent at Starcraft that he can Zerg rush you in the first 30 sec of the match while playing as the Protoss!

RE: Blizzard.
By MrBlastman on 7/10/2009 3:24:37 PM , Rating: 2
He's better than that! He'll probe-rush your spawning pool in 15 seconds...

RE: Blizzard.
By redbone75 on 7/13/2009 8:25:17 AM , Rating: 2
Yeah, but he's still ronery.

This will be end up effecting us all
By tmouse on 7/10/2009 8:26:09 AM , Rating: 2
I do not know where this will end up but I can see countries passing laws that would require ISPs to verify antivirus software with definitions less than 60 days old on the client computers before they get on the net (like many corporations do now with their own intranets). It will not stop this but it would put a dent in the number of machines available. Sure some countries will not cooperate, but they would see their own networks degrade more and more as they become the most available sources. If people would take personal responsibility for their own equipment this type of attack would be much harder to do. The more we expand what we want to do on the net and stress our infrastructure (since infinite infrastructure is not an option) the more these botnets will affect us all, whether you're a direct target or just being affected because your ISP is a choke point for a slew of these compromised systems.

RE: This will be end up effecting us all
By HostileEffect on 7/10/2009 9:07:31 AM , Rating: 2
I doubt a law requiring specific software on all computers would pass in America, it stinks like China. The state should not be able to force what software you have on your computer, and it most definitely should not be required for internet access.
If the ISP wants to require anti-virus on their own without any laws then that is all fine with me.

By tmouse on 7/10/2009 11:27:49 AM , Rating: 2
I did not say a specific software but a type, i.e. antivirus (any brand). Any law would probably just make the ISPs financially liable for any damage coming from their networks, that would compel them to enforce the presence of at least rudimentary precautions. It's not without its downsides but there will be downsides to any solution and FAR worse if nothing is done. Soon any group will be able to damage the cyber infrastructure of any developed nation. I see a lot of people mentioning "finding those responsible and punishing them" but the sad reality is these botnets use computers from all over and since there are countries that simply will not cooperate in investigations the trails stop cold. They may be involved but they may not and just be contrary. We watch too many movies and television where it looks like it is simple to track things across the net all around the world with pinpoint accuracy and this is simply not true. We will never be able to stop this activity but something must be done to make it less easy.

RE: This will be end up effecting us all
By FaaR on 7/10/2009 12:43:27 PM , Rating: 2
There are too many devices these days that are internet-capable but do not have/need antivirus software. Mandating AV on the ISP level thus wouldn't work, or else people couldn't use their PS3s, linux netbooks and whatnot online. ...Which nobody would accept of course.

What ISPs should do however is disconnect compromised PCs much faster than today. As soon as a PC is confirmed to be breached/zombiefied it should be locked out until the customer calls ISP support whining about not being able to get online, and then go through a mandatory cleaning procedure.

Zombie PCs aren't being taken NEARLY seriously enough right now. They're already a huge problem, and will become ever more so the more time passes; particularly if nothing drastic is done about it right away.

By tmouse on 7/10/2009 2:56:28 PM , Rating: 2
That's a good point, I was a little fixated on the PC problem. Of course, barring embedded apps like internet refrigerators and the like, it probably would be wise to incorporate antivirus software into all net devices, since no OS is immune just under exploited. Game consoles are already used for distributed programs and these attacks are just another form so some a-hole will figure a way to use phones, game consoles etc. to do this type of attack. Clearly portable devices would be noticed due to the loss of power but I know some people who leave their game systems on 24/7. Many of the exploits in software just take advantage of the functionality of the software and use it for unexpected purposes. As other net devices become more and more "multifunctional" they also become more susceptible to exploits.

Cyber Attacks
By johntmosher on 7/10/2009 8:53:20 AM , Rating: 2
It does not matter who was behind these recent attacks. What really matters is that the attacks caused a great deal of damage to people and businesses from many nations.
A measured response is needed. First step is to identify the individuals or groups responsible and locate them.
Next step is to decide on a course of action to prevent them from being able to continue these attacks in the future. I would not rule out using more than just Cyber responses. A proper response to an attack of this nature and scope would include physically damaging the equipment used in the attacks and "taking out" the perpetrators themselves to prevent them from being able to grow in their abilities to create these types of attacks.
This might sound like too hard of a response but the potential damage to the world economy is great and too many victims will lose if these attackers are allowed to improve the skill of their attacks.

RE: Cyber Attacks
By Scrogneugneu on 7/12/2009 11:34:57 PM , Rating: 2
"It does not matter who was behind these recent attacks. What really matters is that the attacks caused a great deal of damage to people and businesses from many nations. A measured response is needed. First step is to identify the individuals or groups responsible and locate them."

I like your logic.

Not the chinese
By omgwtf8888 on 7/10/2009 11:22:45 AM , Rating: 2
Let's look at the likely suspects.. China.. major investments in the United States.. You don't want to go and screw up the country that owes you a ton of money. There is no incentive for them messing with us.

North Korea, made big dubious announcement about its missile firing on July 4th and touted how its missiles could reach Hawaii and the west coast. Dictator has crazy secret bot net hacking sunglasses (GUILTY!!!)

With all the sanctions they have against them, we haven't turned off their internet access? Geez, that's the first thing to go when my kids act up. Wake up world, get your sanctions up to date... Ok North Korea keep it up and no internet, television or cell phone for 1 month.

RE: Not the chinese
By tmouse on 7/10/2009 11:34:11 AM , Rating: 2
Even if we prove it was them we cannot "turn off their internet access". No single nation controls the net and if they can get to ANY other nations they can proxy from there. The attacking systems are not from any single country, these are nets for rent of thousands to millions of machines, worldwide, that are compromised. Where do stop rejecting requests?

By PAPutzback on 7/10/2009 9:54:10 AM , Rating: 2
Whether it be the firewall in front of the system or the router at the ISPs. If within .5 second 100,000 requests come into a router to go to then throttle it down to only allow 10 thru. Can't the host server also send a message up to the router to let it know how many sessions it has available. It just seems like there should be an easy hardware fix. And why does it take two days for some of these places to reboot their servers?

Counter Attack?
By Gary Oak on 7/10/2009 9:56:04 AM , Rating: 2
Why don't they just assemble a team of hackers to start attacking back instead of just taking it?

You take down our state department, we take down your Starcraft Servers

Frame job
By WinstonSmith on 7/10/2009 9:56:53 AM , Rating: 2
From what I've read, one can just purchase botnet access from, IIRC, Eastern European criminal sources. So, how in the heck can anyone say who is carrying out these attacks other than by purely guessing based upon the targets? And what a great way to set up another country by making it look like your enemy du jour is attacking you.

About Retaliation
By Narcofis on 7/10/2009 9:59:37 AM , Rating: 2
We are always quick at blaming a country for what their citizens do but we have to remember like the USA a country has many different kinds of people. Extremists are probably responsible for this attack...

Remember, there's a lot of misinformation in this information age.

By CuriousMike on 7/10/2009 4:06:08 PM , Rating: 2
I'm sure this has been addressed before, but I can't believe that the US (or South Korea's) critical government and banking systems are remotely tied to what the commoner calls "the internet."

Whatever the cyber terrorists think they're "attacking" must not have sensitive or mission critical information on them.

Please correct/educumacate me on this.

More false flags
By BailoutBenny on 7/11/2009 5:14:18 PM , Rating: 2
Don't believe this BS. This is the same bs as way back when the electrical grid was "under attack." This is more propaganda for the cyber security act. People need to resist any legislation spurned by such "attacks."

Selling more motherboards?
By breakonenine on 7/10/2009 10:48:51 PM , Rating: 1
Might be just a coincidence, but one of my computers is showing symptoms of over heating, not booting.

It's only six months old, maybe it is a conspiracy to sell more motherboards from China, they tweak your computer to die?

Never return a hard drive, they just want to see what is on it after you send it back for a replacement drive and they sent the kill signal?
