The Korea Herald reports that North Korea is the suspected source of a DDoS attack against South Korean government agencies, banks, and Internet portals. Although the network range of the attack may point to North Korea, this may not have been done under the direct orders of the Kim Jong-il government. South Korea believes that the North Korean government has also stepped up its cyber-warfare initiatives, including developing cyber-warfare simulation applications called "100 combat methods." Just as physical weapons have been for sale, are there now botnets and warfare simulators that could be used as tools by those who may want a sneak peek at cyber defenses and forensics abilities - kind of like testing radar abilities but from a distributed source - to see at what point the counterattacks begin?
While these reports from South Korea suspect that the DDoS attacks may have originated from North Korea, other forensics professionals say the cyber attacks that occurred over the 4th of July holiday need to be analyzed further, and they are not ruling out that the attacks may have been a smoke screen for an intrusion masked in all the noise. Disguising a real intrusion with a cloud of DDoS attacks is a known tactic that Managed Security Service providers watch for when looking at distributed attacks. The attackers want to draw everyone's attention to one or many DDoS attacks while a valuable trust has been compromised somewhere else that has nothing to do with the DDoS attack.
Ahnlab believes the attacks were carried out by a modified version of the MyDoom worm that used botnets to initiate the attack.
Rented botnets seem to be a new method of cloud computing used to test defenses, distract attention from what is really taking place, or simply make a political protest.
Links:
govinfosecurity.com
N.K. Combat Unit has 100 hackers
Ahnlab






