backtop


Print 35 comment(s) - last by redbone75.. on Jul 13 at 8:25 AM

South Korean, U.S. networks still being targeted days after massive attacks

Days after systematic cyber attacks against government and financial institutions crippled computer networks in South Korea and the United States, additional cyber attacks have hit both nations.

Unlike the first wave of attacks earlier in the week, the U.S. State Department said its networks are still being targeted, but with lower volumes of attacks.  South Korean officials said some of its government networks are still being targeted, but also have noticed a dramatic decline in the attacks following July 4.

The botnet had at least 100,000 hijacked computers in South Korea, Japan, China, the U.S. and other countries, which makes accurately tracing the source of the attacks extremely difficult.

"The anticipated attack did take place, but considerable countermeasures were taken and it did act as a defense to some degree," an Ahnlab security firm official told Reuters.  Ahnlab also pointed out that "tens of thousands" of affected computers could have problems booting up, although other experts have not been able to verify that number.

Several U.S. federal agencies will now monitor popular online hacker hideouts, while security experts attempt to locate any digital fingerprints left behind in computer code.  The group responsible appears to be rather unorganized and possibly inexperienced, causing experts to note how a larger, more organized group may be able to cause a higher level of cyber damage to targets.

Security experts are now trying to figure out who is behind the cyber attacks, though early reports indicate North Korea may be behind the attacks.  China and North Korea were both immediately suspected of the attacks, but Chinese officials denied the accusations, saying there was no reason for them to launch so many attacks against South Korea.

The country, unlike China and other regions in Eastern Europe, reportedly have not launched organized cyber attacks, but this could mark its entrance into cyber warfare.

Moving forward, security experts are concerned the cyber attacks could spread from major computer networks to individual PCs, with hackers possibly hijacking them, then turning them into zombies.  If this truly is a cyber war, it appears there is very little the U.S. and South Korea can do against the perpetrators -- assuming they're accurately identified in the first place -- leading to other attacks from the same group.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: !#!$#s
By bhieb on 7/10/2009 10:03:01 AM , Rating: 3
Wow guys use the foil for baking not hats. No doubt China is funding some of this behavior, but why do people see this particular attack as a threat? Come on these are DoS attacks on public sites, hardly capable of "shutting down" anything.

There is no real protection from a good DDoS. If you have a public site and a limited bandwidth (and everyone is limited to some degree), and someone has access to enough bots. They can effectively shut down the site. Just part of being on the public net. It is no different from me screwing with my friends back in 1992 on 14K dialup on AOL by pinging them till their connection dropped. Little fancier but the same concept.

Overloading the bandwidth of a public site is hardly professional hacking, and in no way is it capable of shutting down closed loop systems like the power grid. Hell most of the time Apple and MS do it to them selves each time they release a popular update, with not enough bandwidth to accommodate demand.


RE: !#!$#s
By HrilL on 7/10/2009 3:22:54 PM , Rating: 3
Its not really the limited bandwidth. Its actually the CPU in the server that can't handle the amount of request. In my ethical hacking class we attacked one machine from about ten others. This was done on a network with 100Mb/s of bandwidth and the most we consumed was 10Mb/s on the NIC of the machine under attack. The CPU usage went up to 100% can the machine pretty much just froze up but it was responding to some of the request and also we were hitting it with millions of half open connections which then have to timeout before they'll close. This form of attack can be protected against with a firewall that will close half open connections if they reach over a certain number.

Now you can also use massive amounts of bandwidth and just flood the host connection and this will make it so legit traffic can't get through either. This type of attack can't really be defended against because the only way would be to start blocking IPs or ranges of them and this won't stop connection from being overloaded because the packets won't be dropped until they hit the firewall.


"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki