July 15, 2009

New Suspect In Last Week’s Cyberattacks?

After a week of playing the blame game, Seoul officials say a Vietnamese computer security firm is now pointing the finger at Britain as the likely source of the cyberattacks last week that penetrated major US and South Korean websites.

According to the Korea Communications Commission, the source of the information was the Vietnamese firm Bach Khoa Internetwork Security. Vietnam is associated with a regional grouping known as the Asia Pacific Computer Emergency Response Team.

Park Cheol-Soon, a network protection team leader of the government-run communications commission, said, "The (British) server appears to have controlled compromised handler servers" which spread viruses.

"However, it needs more investigation to confirm whether this server was the final attacker server or not," he told AFP.

Earlier, Seoul's National Intelligence Service made a statement that North Korea was the prime suspect and most likely culprit in the attacks that undermined major government and commercial websites in the United States and South Korea.

The discovery of a master server in Britain did not mean North Korea could not be held responsible, according to Park. "It does not either bolster or undermine claims that someone has done the attacks," he said.

The websites were overwhelmed when a deluge of access requests from tens of thousands of "zombie" computers flooded the system, causing a "distributed denial of service".

The attackers were able to maintain their anonymity by sending the flood of requests from a multitude of computers that had previously been infected with a virus.

The source of the attacks is particularly difficult to identify, considering that 166,000 of these "zombie" computers located in 74 different countries were believed to be used, according to the Korea Communications Commission.

The alert against the cyber attacks was downgraded on Monday by the intelligence service. They said that the attacks were "fizzling out" and that most of the sites that had been originally targeted had restored their normal traffic.

Regional tensions were already high because North Korea has staged a nuclear test and multiple missile launches in recent weeks, but if a cyber attack were confirmed, it would be considered a new war tactic.

President of security solution provider Shiftworks, Hong Min-Pyo, told AFP on Wednesday that it is technically impossible to trace the source of the attacks to any person.

Hong says his company has also already tracked down a server in New Jersey that was purportedly spreading the so-called malware.

However, "DDoS attacks are designed to hide the attackers," Hong told AFP.