DDOS attack strikes S. Korea

Posted on : 2009-07-09 11:20 KST Modified on : 2019-10-19 20:29 KST
Experts are saying cyber attack originating from S. Korea was politically motivated and reveals weaknesses in national Internet security
 July 8.

A total of 26 domestic and foreign sites, including those of the Cheong Wa Dae (the presidential office in South Korea or Blue House), National Assembly, Ministry of National Defense, Grand National Party, Chosun Ilbo, Naver and the U.S. White House, were disrupted and paralyzed between Tuesday evening and Wednesday through an attack of concentrated traffic. Malicious code was spread to tens of thousands of personal computers, turning them into zombie PCs that overloaded the sites with connection requests and paralyzed them, resulting in a distributed denial of service (DDOS) attack. While this DDOS attack differs from “hacking,” where someone with criminal intent penetrates a site’s firewall and removes or alters information, it is being characterized as exposing the defenselessness of some of the nation’s leading public institutions’ web sites against a cyber-attack.

What distinguishes this week’s attack from previous DDOS attacks is the fact that it did not merely affect South Korea en route to other countries, but was created domestically and targeted 26 specific sites in South Korea and the U.S. Prosecutors revealed Wednesday afternoon that 90 percent of the computers used in the DDOS attack, or some 23 thousand computers, were located in South Korea. The White House in the U.S. shut down connections with sites in South Korea on Tuesday evening because of the DDOS attack originating from South Korea. South Korea has become the epicenter of an international DDOS attack.

Unlike previous cases, no motives for the attack have yet been revealed. For example, game or shopping mall sites have been targeted in the past with threats of being paralyzed with excessive traffic in exchange for money. “In general, an identity was revealed while demanding payment in previous DDOS attacks,” said an official with Symantec Korea. “It is being assumed that this attack was motivated not by monetary gain, but by negative feelings toward the sites in question,” the official added.

Moreover, the attack is the first domestically created one used to paralyze a large number of sites simultaneously. Another difference is that it has not been revealed whose commands the infected computers were carrying out. With no information on the perpetrator or motive, there are only questions about the intent of the person who attacked the 26 sites. Police and prosecutors are currently analyzing the logs of the attacked sites and the computers used in the attack in order to determine the channel through which the malicious code was distributed.

The attack on major state organizations’ sites, including the Cheong Wa Dae, National Assembly and Ministry of National Defense, also reveals how lax the government is about Internet security and the protection of information. Following several reports on DDOS attacks in which money and products were demanded, site managers have been focusing on equipping sites with security systems against DDOS attacks and hacking. In particular, while most of the civilian sites attacked were restored either late Tuesday night or early Wednesday morning, including Naver and bank sites, the Cheong Wa Dae and Ministry of National Defense sites were on and off until late Wednesday morning.

The National Cyber Security Center is in charge of managing the Cheong Wa Dae web site.

The Korea Communications Commission (KCC) and Korea Information Security Agency (KISA), which handle Internet protections, have been unable to avoid criticism not only of their inability to prevent the attack but also of their belated response. While the attack began at around 6:10 p.m. Tuesday, the KCC and KISA did not issue a warning about an Internet invasion incident until 1:30 a.m. Wednesday. PC users who were unaware of the attack the previous evening turned on their infected computers on Wednesday morning and escalated the DDOS attack.

 

Please direct questions or comments to [englishhani@hani.co.kr] 
