Computer attack may not have originated in North Korea after all

Byron Acohido, USA Today, 14.07.2009 08:13

Evidence has surfaced that the denial-of-service attacks that crippled dozens of U.S. and South Korean web sites last week may not have been perpetrated by North Korea, as widely surmised.

Bkis Security has just disclosed analysis showing that 166,908 botted PCs from 74 countries were used in the attacks. Commands were routed through eight control servers, tied into a master server located in the United Kingdom and running the Windows Server 2003 operating system, says Bkis research director Nguyen Minh Duc.

Hanoi-based Bkis analyzed samples of the attack code at the behest of APCERT, the Korean Computer Emergency Response Team. It found the bots carrying out the attacks were located in South Korea, the United States, China, Japan, Canada, Australia and 68 other nations. Each bot randomly connected every three minutes to one of the eight control servers to receive instructions on which website to attack next. The control servers, in turn, received commands routed through the master server.

"Having located the attacking source in the UK, we believe it is completely possible to find the hacker," says Minh Duc. "This depends on the US and South Korean governments." He said Bkis has turned over its findings to authorities in both nations.

Just because the master server was located in the UK doesn't mean the attackers were Brits. The human controller could be sitting at a keyboard anywhere in the world.
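The polling behaviour described above, with each bot contacting one of eight control servers every three minutes, leaves a timing pattern that a defender can look for in outbound connection logs. The Python below is an added example, not code from Bkis or from the original article; the log format, the addresses, the tolerance and the thresholds are assumptions, and the sample log is constructed.

```python
from collections import Counter, defaultdict

POLL_SECONDS = 180   # check-in interval reported in the article (three minutes)
MAX_SERVERS = 8      # number of control servers reported in the article
TOLERANCE = 15       # assumption: allowed drift per interval, in seconds
MIN_EVENTS = 5       # assumption: check-ins needed before a host is judged

def find_pollers(lines):
    """Map each source that polls on the ~3 minute cadence to its destinations.

    Each line is 'epoch_seconds src_ip dst_ip' (constructed format).
    """
    events = defaultdict(list)
    for line in lines:
        ts, src, dst = line.split()
        events[src].append((int(ts), dst))
    flagged = {}
    for src, evs in events.items():
        if len(evs) < MIN_EVENTS:
            continue
        evs.sort()
        gaps = [b[0] - a[0] for a, b in zip(evs, evs[1:])]
        regular = sum(abs(g - POLL_SECONDS) <= TOLERANCE for g in gaps)
        dsts = {d for _, d in evs}
        # Rotation across a small server pool separates this pattern from an
        # ordinary agent that checks in with one fixed server.
        if regular >= 0.8 * len(gaps) and 2 <= len(dsts) <= MAX_SERVERS:
            flagged[src] = sorted(dsts)
    return flagged

def shared_servers(flagged):
    """Destinations polled by two or more flagged hosts: candidate control servers."""
    counts = Counter(d for dsts in flagged.values() for d in dsts)
    return sorted(d for d, n in counts.items() if n >= 2)

def constructed_log():
    """Constructed sample: two polling hosts, one fixed-server agent, one irregular host."""
    lines = []
    for i in range(8):
        lines.append(f"{1000 + i * 180 + i % 3} 10.0.0.5 203.0.113.{1 + (i * 3) % 8}")
        lines.append(f"{1040 + i * 180 - i % 2} 10.0.0.9 203.0.113.{1 + (i * 5) % 8}")
        lines.append(f"{1100 + i * 180} 10.0.0.7 198.51.100.20")
    for ts in (1000, 1012, 1500, 1530, 2900, 2960, 3000):
        lines.append(f"{ts} 10.0.0.8 198.51.100.{30 + ts % 7}")
    return lines

if __name__ == "__main__":
    hits = find_pollers(constructed_log())
    print(hits, shared_servers(hits))
```

The check assumes the log has already been reduced to connections toward external hosts that are not on an allowlist; on unfiltered traffic, ordinary browsing between check-ins would break up the interval pattern.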

