July 11, 2009
It has been revealed that the South Korean government knew in advance
that the distributed denial of service (DDOS) attacks that paralyzed web
sites for major institutions in South Korea and overseas had begun
earlier in the U.S., but did not properly handle the situation. Analysts
say this means that the government's sloppy response in effect increased
the damage resulting from these simultaneous attacks.

According to accounts Friday from officials at the Korea Information
Security Agency (KISA) and various security companies, the attacks first
struck the Web sites of major government organizations in the U.S.,
including the White House and the State Department, last Sunday, which
was July 4 (local time) or during the Independence Day holiday in the
U.S. However, the attacks did not deliver much of a blow due to the
swift response of U.S. security authorities. The U.S. evaded the cyber
attack by boldly blocking data for which access requests were being
received from zombie PCs infected with malicious code located in other
countries, including South Korea.

However, while the South Korean government knew through its Computer
Emergency Response Team (CERT) that major U.S. sites were suffering a
DDOS attack, it considered the attack to be "something that happens all
the time" and therefore decided not to issue a warning. "The DDOS
attacks that occur in one year alone in South Korea amount to dozens of
cases," said Ryu Chan-ho, head of the analysis and prevention team at
the KISA's Korea Internet Security Center. "We do not worry about the
trivial stuff," Ryu added. Major nations throughout the world share and
respond in real time to information about cyber attacks and hacking
through a network of CERTs, and despite prior knowledge, the South
Korean government's belated response to the attack led to an increase in
damage and confusion.

A security company official who analyzed the malicious code used in the
attack says, "The zombie PCs infected with the malicious code began
their attack on U.S. sites on July 5th, prior to the attacks on July 7th
against 25 sites in South Korea and the U.S." The National Intelligence
Service also reported in a meeting of the National Assembly's
Intelligence Committee that while "the U.S. took response measures on
July 4 and did not suffer much damage, we responded on the evening of
the 7th after the situation produced a situation of paralysis."