
Cyberwar 2009: USA – Part I ?

July 9, 2009 - 17 Tammuz 5769 - Ariel

[Figure: Diagram of a Stacheldraht DDoS attack. Image via Wikipedia.]

Are these the opening shots in a Cyberwar?

On this very confusing day, there are quite a few allegations going back and forth about the DDoS (Distributed Denial-of-Service) attacks that appear to target certain US Government sites, certain South Korean sites, and other sites that I cannot yet disclose. Despite the "logical" conclusion that such attacks must originate in the bugaboo nemesis that is North Korea (DPRK), it is too early to point the finger at that State, Regime or central government and say confidently that they are behind these attacks.

As Rod Beckstrom said tonight on the BBC, it could be just a bunch of kids. It could.

I do not think so. And the Koreans seem to agree: the Korean security agencies are calling this event "coordinated" and "unprecedented" in that it is the first time that so many related sites (government and financial) are targeted in the same attack and by related machines.

Here are some of the very few facts that we are certain of, at this time, in no particular order:

  1. On certain US-based sites, not just US Government sites, early in the morning on July 4, 2009 (US Eastern Daylight Savings Time), inbound traffic increased by a measure of up to 400 times normal traffic. It is possible that there is more data that shows an even higher ratio.
  2. The sites (you can see a more complete list below) have included the US Treasury Department, the US Homeland Security Department, certain US-based banks, and the White House.
  3. In Korea (South) they included the Blue House, the Department of Defense, the Foreign Ministry and banking sites.
  4. In the USA, the FBI is looking into this incident; in Korea, the Korean National Intelligence Service is.
  5. The attacks started with the distribution of "Trojans" on Windows-based machines and seemed to target certain "well-known ports". These ports include the ubiquitous port 80 (web traffic) and similar ports expected to exist on web servers.
  6. The attacks have evolved. They are no longer just that simple.
  7. The attacks are some of the biggest, by volume (as measured in used bandwidth), ever seen. For example, they are 10,000 to 20,000 times the bandwidth of the average home user, even for users on the premium version of most cable modems in the United States.
  8. While the Korean Computer Emergency Response Team site (KR-CERT) has some information on the evolution of these attacks, its related and far bigger brother site, the US-CERT, seems to be devoid of any mention of the mechanics of this attack. This is not a good thing.
  9. The Korean military is increasing its watch level for attacks against military computers for all networks operated by the military.
  10. Some of the attacked sites, but not all, went down for a period of hours. All seem to be up at this time.
  11. The related traffic on Twitter for the word "Korea" went up by a factor of 6 just before 8:30 am US EDT on July 8th, which is when this issue apparently became more widely known to the public.

Tomorrow I expect to bring you more factual information and see if this event, indeed, becomes a fully-fledged Cyberwar.

Lists of sites reported by Choclat Blog Fun (a local blogger) in Korea and by CSO Online Magazine in the USA

In Korea

- banking.nonghyup.com
- blog.naver.com
- ebank.keb.co.kr
- ezbank.shinhan.com
- mail.naver.com
- www.assembly.go.kr
- www.auction.co.kr
- www.chosun.com
- www.hannara.or.kr
- www.mnd.go.kr
- www.mofat.go.kr
- www.president.go.kr
- www.usfk.mil   <- This is the site of the US Military command in Korea

In the USA

- finance.yahoo.com
- travel.state.gov
- www.amazon.com
- www.dhs.gov
- www.dot.gov
- www.faa.gov
- www.ftc.gov
- www.nasdaq.com
- www.nsa.gov
- www.nyse.com
- www.state.gov
- www.usbank.com
- www.usps.gov
- www.ustreas.gov
- www.voa.gov
- www.voanews.com
- www.whitehouse.gov
- www.yahoo.com
- www.washingtonpost.com
- www.usauctionslive.com
- www.defenselink.mil
- www.marketwatch.com
- www.site-by-site.com
