Computer attack may not have originated in North Korea after all
|
Evidence has surfaced that the denial-of-service attacks that crippled dozens of U.S. and South Korean web sites last week may not have been perpetrated by North Korea, as widely surmised.
Bkis Security has just disclosed analysis showing that 166,908 botted PCs from 74 countries were used in the attacks. Commands were routed through eight control servers, tied into a master server located in the United Kingdom and running the Windows Server 2003 operating system, says Bkis research director Nguyen Minh Duc.
Hanoi-based Bkis analyzed samples of the attack code at the behest of APCERT, the Korean Computer Emergency Response Team. It found bots carrying out the attacks located South Korea, the United States, China, Japan, Canada, Australia and 68 other nations. Each bot randomly connected every three minutes to one of the eight control servers to receive instructions on which website to attack next. The control servers, in turn, received commands routed through the master server.
"Having located the attacking source in the UK, we believe it is completely possible to find the hacker," says Minh Duc. "This depends on the US and South Korean governments." He said Bkis has turned over its findings to authorities in both nations.
Just because the master server was located in the UK doesn't mean the attackers were Brits. The human controller could be sitting at a keyboard anywhere in the world.