DATE:
2009-07
AFFECTED COUNTRIES:
South Korea and USA
AFFECTED SITES:
Multiple governmental and financial sites in South Korea and the United States
EFFECT OF ATTACKS:
Floods of ~13 GBps at peak
SOURCE COUNTRY:
Initial speculation: North Korea (1,2,3). Later reports pointed to Great Britain, then the USA (5,6).
ALLEGED ATTACKERS:
South Korean intelligence reported that it had been traced to a cyberwarfare division of the North Korean army (1,2,3). The later reports that point to UK/USA do not specify.
TYPE OF ATTACK:
DDoS
ATTACK SPECIFICS:
Malware spread through email, reusing the older MyDoom worm; infections started around May 2009 (1). Estimated infections range from 25,000 (1) to more than 150,000 (5), mostly in China, South Korea, and Japan (2). Targets were hardcoded in autonomous bots, so no command-and-control channel was needed. The program disabled Windows Firewall and registered itself as drivers in the registry. The primary flood method was HTTP GET requests carrying no-caching instructions (forcing the origin server rather than a cache to answer each request), though UDP and ICMP floods were also detected.
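As an added, defender-side illustration (not code from the cited analyses), the following Python sketch looks for the HTTP GET flood pattern described above in web-server access logs: repeated GETs from one client to one path carrying a no-cache Cache-Control header within a short window. The log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed (hypothetical) log format: <ip> [<ts>] "<request line>" <status> "<Cache-Control>"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) "(?P<cc>[^"]*)"$'
)

# Constructed sample: one client hammering "/" with no-cache GETs, one normal client.
SAMPLE_LOG = """\
198.51.100.7 [09/Jul/2009:10:00:00 +0900] "GET / HTTP/1.1" 200 "no-cache"
198.51.100.7 [09/Jul/2009:10:00:01 +0900] "GET / HTTP/1.1" 200 "no-cache"
198.51.100.7 [09/Jul/2009:10:00:02 +0900] "GET / HTTP/1.1" 200 "no-cache"
203.0.113.5 [09/Jul/2009:10:00:03 +0900] "GET /style.css HTTP/1.1" 200 "max-age=0"
198.51.100.7 [09/Jul/2009:10:00:03 +0900] "GET / HTTP/1.1" 200 "no-cache"
198.51.100.7 [09/Jul/2009:10:00:04 +0900] "GET / HTTP/1.1" 200 "no-cache"
198.51.100.7 [09/Jul/2009:10:05:00 +0900] "GET / HTTP/1.1" 200 "no-cache"
"""

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_no_cache_floods(log_text, window_seconds=60, threshold=5):
    """Return {(ip, path): peak_count} for clients sending >= threshold no-cache GETs
    to one path inside any window_seconds-long sliding window (others are ignored)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and "no-cache" in rec["cc"].lower():
            times[(rec["ip"], rec["path"])].append(rec["ts"])
    floods = {}
    for key, stamps in times.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):  # two-pointer sliding window over timestamps
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[key] = peak
    return floods
```

On the sample above, `find_no_cache_floods(SAMPLE_LOG)` flags `('198.51.100.7', '/')` with a peak of 5 requests in one window; the request five minutes later falls outside it.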
EVENT DESCRIPTION:
Attack on governmental and financial websites in SK and the USA, allegedly carried out by a cyber warfare unit of the North Korean army (1,2,3). While it does not involve independent media or human-rights sites, it seems relevant since the perpetrator may have been a government, although later reports shifted blame away from NK (5,6).
URLS:
1. http://chaptersinwebsecurity.blogspot.com/2009/07/ddos-attacks-in-korea-forensic-analysis.html
2. http://www.wired.com/threatlevel/2009/07/mydoom/
3. http://www.washingtonpost.com/wp-dyn/content/article/2009/07/08/AR2009070800066.html
4. http://www.wired.com/threatlevel/2009/07/show-of-force/
5. http://www.wired.com/threatlevel/2009/07/brits-attack-us/
6. http://blog.bkis.com/korea-and-us-ddos-attacks-the-attacking-source-located-in-united-kingdom/
7. http://minnesota.publicradio.org/display/web/2009/07/10/schneier/