
Sources believe massive denial of service cyberattacks against the U.S. government and South Korea were masterminded by North Korea.  (Source:
Attack knocked out the Treasury Department, the Secret Service and other U.S. government agency sites

Experts had warned that the U.S. was poorly defended against and ill-prepared for a major cyber offensive.  It turns out they were right.

Attacks against U.S. government sites that occurred on July 4 are only now being disclosed to the public.  The attacks took down the Treasury Department, the Secret Service, Federal Trade Commission, and the Transportation Department websites over the weekend.  This week, outages have continued as the attackers show no signs of relenting.

South Korea has also been targeted.  The attacks on South Korea's government sites began on Tuesday.  The attacks affected South Korea's presidential Blue House and the Defense Ministry, and some banking sites, among others.

The U.S. government believes North Korean or pro-Pyongyang forces are responsible for the attacks.  It is refusing to officially discuss the attacks, but numerous sources have confirmed the attacks are severe and ongoing.  Speaking to a group of South Korean lawmakers, South Korea's National Intelligence Service stated Wednesday that it believes that North Korea or North Korean sympathizers in the South "were behind" the attacks.

In the U.S., the Homeland Security Department's U.S. Computer Emergency Readiness Team is working with organizations to try to fight the attacks.  Spokeswoman Amy Kudwa states that it has "advised (the agencies) of steps to take to help mitigate against such attacks."

Using a denial of service approach -- killing websites by sending millions of requests to them, overloading the servers -- the attacks follow many previous ones.  The perpetrators of the attacks apparently used a computer virus, which infected many computers worldwide, to create a botnet.  This silent botnet was turned on over the weekend and began sending vast quantities of requests to the target sites.  The attacks have been much lengthier than a typical denial-of-service assault, much bolder, and more sophisticated.

The FTC site was down Sunday and Monday.  The Transportation website was "100 percent down" for two days, according to Ben Rushlo, director of Internet technologies at Keynote Systems, a company that monitors web outages.

Comments

What am I missing?
By edge929 on 7/8/2009 12:43:11 PM , Rating: 2
I work for one of America's largest banks (calm down, we gave back our money already) and I admit my networking experience is limited to only corporate America but what is the problem here? It's 2009 and denial-of-service attacks aren't exactly new. Even my home router has a "ban this IP if it connects 10 times in 30 seconds" rule. Problem solved.

Repeated connection attempts are easily thwarted and it's not necessary to bring down most servers just to flush the memory cache. Granted our servers are rather nice, but not from the future and I would hope that our government has equal or better hardware.

In the end, I blame end users. Not getting viruses is the first step to disrupting DoS attacks.

RE: What am I missing?
By xtknight on 7/8/2009 12:54:51 PM , Rating: 2
I think what you're missing is that packets can be generated with random source IPs and delivered to the same destination ("raw sockets").

So, blocking one source IP won't work. The only way to really prevent this, that I know of, is egress filtering wherein the ISP of the packet in question prevents its transmission by verifying that its source IP is not part of that ISP's network.

You could also model the packets with some sort of Bayesian spam algorithm and block certain requests somehow. But most of them are probably just generic "GET /" requests anyway, the blocking of which would hamper normal, harmless end users' access as well.

RE: What am I missing?
By xtknight on 7/8/2009 1:02:01 PM , Rating: 2
I guess in actuality I don't even know how the handshaking process would go through with a spoofed source IP so maybe this is only useful for UDP.
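Editor's added example, not part of the original article or of any comment: the "ban this IP if it connects 10 times in 30 seconds" rule from this thread, replayed over two constructed traffic samples, one from a single host and one spread across many hosts as in the botnet the article describes. The class and function names, the addresses (documentation ranges) and the traffic volumes are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_CONNS = 10      # threshold from the comment: 10 connections ...
WINDOW_S = 30.0     # ... within 30 seconds


class PerSourceBan:
    """Sliding-window connection counter keyed by source IP."""

    def __init__(self, max_conns=MAX_CONNS, window_s=WINDOW_S):
        self.max_conns = max_conns
        self.window_s = window_s
        self.recent = defaultdict(deque)   # ip -> timestamps still inside the window
        self.banned = set()

    def allow(self, ip, ts):
        """Return True if the connection is accepted, False if it is dropped."""
        if ip in self.banned:
            return False
        q = self.recent[ip]
        while q and ts - q[0] >= self.window_s:
            q.popleft()                    # forget attempts older than the window
        q.append(ts)
        if len(q) >= self.max_conns:       # the 10th attempt in the window triggers the ban
            self.banned.add(ip)
            return False
        return True


def replay(events):
    """Run (timestamp, ip) events through the rule; return (accepted count, banned IPs)."""
    rule = PerSourceBan()
    accepted = sum(rule.allow(ip, ts) for ts, ip in sorted(events))
    return accepted, rule.banned


# Constructed traffic, 600 connection attempts in 30 seconds in both cases.
# One host opening 20 connections per second:
single_source = [(i / 20, "192.0.2.7") for i in range(600)]
# 200 hosts, each opening only 3 connections in the same 30 seconds:
distributed = [(h * 0.05 + k * 10, f"198.51.100.{h}") for h in range(200) for k in range(3)]

if __name__ == "__main__":
    for name, events in (("single source", single_source), ("distributed", distributed)):
        accepted, banned = replay(events)
        print(f"{name}: {len(events)} attempts, {accepted} accepted, {len(banned)} banned")
```

The same total load passes untouched when no individual source crosses the threshold, so a per-source rule needs to be paired with aggregate rate monitoring and upstream filtering.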

RE: What am I missing?
By bohhad on 7/8/2009 11:27:28 PM , Rating: 2
no, don't calm down because they already gave the money back. the gov't was supposed to get shares, it was supposed to bring in a profit, but the banks didn't want to do that. they used the american taxpayer as an ATM.

sorry, it's way off topic, but americans are seeing this bank crap all wrong
