By Ron Synovitz
July 09, 2009
Computer security experts in the United States say dozens of U.S. government websites have been targeted in a coordinated cyberattack that also has struck key websites in South Korea since July 4-5.
The so-called denial-of-service (DOS) attacks are being called the most widespread cyberoffensive in recent years. They began on July 4 when 14 major websites in the United States were targeted -- including those of the White House, the U.S. State Department, and the New York Stock Exchange.
Since the night of July 7, access to at least 11 major South Korean websites has been cut or slowed dramatically by the cyberattacks -- including the websites of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the daily newspaper "Chosun Ilbo." and the top Internet portal Naver.com.
Although it stopped short of specifically identifying any suspected culprits, South Korea's National Intelligence Service has implicated North Korea or pro-North Korea groups.
The impact of the attacks is seen as negligible so far. There has not been an actual security breach. Nor has there been damage to the online infrastructure in the United States or South Korea. But experts say the attacks serve as a reminder that Pyongyang has been planning for cyberwarfare.
Kwon Tae-shin, chief of the office of South Korea's prime minister, told reporters in Seoul on July 9 that the government has had emergency talks on how to deter possible cyberattacks in the near future.
"Especially, there is some speculation that North Korea or its followers may be engaged in this cyberterror, and that a second, a third cyberattack can occur. Therefore, I think the government should establish overall cybersecurity measures for national security," he said.
'Botnet' Attacks
U.S. authorities have described the latest cyberoffensive as a series of "botnet" attacks -- a method similar to the DOS attacks that targeted Estonia in 2007 during a dispute with the Kremlin, and against Georgia last year during its conflict with Russia over South Ossetia.
Despite widespread allegations that the Kremlin had a direct role in those attacks on Estonia and Georgia, the allegations have never been proven.
Cyberwarfare expert Evgeny Morozov, a fellow at the Open Society Institute in New York, says it would be difficult to confirm that any hostile government is the source of a botnet attack.
That's because a botnet is created by a virus that can infiltrate millions of computers around the world before ordering them to send out a flood of simultaneous requests to view targeted websites.
"A botnet is usually composed of computers whose users are not aware that they are volunteering their computer power for the attack," Morozov says.
"The whole point of a botnet is to have, [for example,] 10 million computers send their signals to the target server all at once. This scale is crucial if you really want to take down a website. That's what happens in a typical cyberattack. It is much less glamorous than having hackers break into a server, deface it, and then steal data. What happens is just this overloading of their capacity with bogus requests."
Northern Defiance
North Korea has been working for the past decade to improve its computer-warfare capabilities. The technology to create a botnet attack is within the capabilities of North Korean computer experts.
And unlike cyberattacks blamed on Russian or Chinese state hackers -- where there may have been collusion with nongovernment computer experts -- it is assumed that computer activities coming out of North Korea are much more closely controlled by the government in Pyongyang.
Another detail that has raised suspicions about North Korea is the fact that the attacks on South Korea proliferated on July 8, the 15th anniversary of North Korean leader Kim Il Sung's death.
Last month, North Korea also warned of "high-tech war" against the South for spreading what it said was false information about its involvement in cyberattacks.
In fact, North Korea has been defiant in the face of international criticism over nuclear and missile tests that it is conducting in violation of UN Security Council resolutions. Some analysts speculate that a cyberoffensive could be part of Pyongyang's hard line of resistance to such criticism.
On July 4, as the cyberattacks were first surfacing in the United States, North Korea test-fired seven ballistic missiles into the Sea of Japan.
Last month, the UN Security Council passed a resolution expanding sanctions against North Korea in response to a May 25 nuclear test carried out by Pyongyang. A UN sanctions committee could blacklist more North Korean companies and individuals for supporting Pyongyang's nuclear and missile programs. That committee is due to complete its work by July 10.
Preparing Defenses
South Korean computer experts who have examined the latest botnet offensive say they expect attacks to focus on more South Korean targets ahead of that UN committee's deadline.
Ahnlab, South Korea's leading online security firm, is among several private companies in Seoul whose websites have been under attack. Cho Joo-bong, a senior researcher at Ahnlab, says it is difficult to know who is coordinating the attacks.
"In fact, nobody can figure out the attacker at this moment," Cho says. "All the assumptions are not verified yet. These attackers are continuously updating lists and ordering followers to attack cyberspace behind the scenes. So, nobody can say who is maneuvering all this."
Some analysts raise doubts about North Korea's involvement, saying it may instead be the work of industrial spies or pranksters. But that hasn't eased concerns in Washington.
U.S. and NATO defense officials have launched efforts to create a defensive system to protect their computer infrastructure from future cyberattacks. That effort includes a gathering of cyberwarfare experts in Estonia last month under the auspices of a NATO cyberdefense task force.