The news of a cyberstrike aimed at South Korea and the United States has spread like wildfire since the Associated Press report hit the news wires. The popular target to blame is North Korea; however, only South Korean officials are making those charges, while U.S. officials are remaining silent. If you take the political tension with North Korea into account, could these cyberattacks kick off another Cold War?
For those who remember, the Cold War started in the 1940s and lasted until the early 1990s. Russia and the United States engaged in espionage, propaganda and an arms race that included conventional and nuclear weapons, leading to technological weapons developments that we are just now starting to see in public. The parallel is technological advancement. The arms race has been replaced by bandwidth and application development on a grand scale, and the list of players is larger too: North Korea, China, small groups in Russia, South Korea, as well as nations in the Middle East.
This cyberstrike started on July 4. Most of the U.S. was celebrating Independence Day by blowing things up and holding cookouts. Online, Internet properties owned by South Korean government agencies and private companies started to slow to a crawl, and eventually went offline altogether. At the same time, U.S.-based Internet properties such as the Treasury Department, Department of Transportation, the Federal Trade Commission and the White House, as well as the New York Stock Exchange, Nasdaq, Washington Post, and Amazon were targeted in what is being suggested to be a coordinated Distributed Denial of Service (DDoS) attack launched by North Korea.
“This is not a simple attack by individuals. The attack appeared to have been elaborately prepared and staged by a certain organization or state,” Seoul’s National Intelligence Service (NIS) said in a statement. “The only site that was hit pretty bad (in the U.S.) was the Federal Trade Commission, ftc.gov,” said Johannes Ullrich, CTO for SANS Internet Storm Center, when speaking to the AFP.
Two U.S. sites, the FTC and the Department of Transportation, had major performance issues for a number of days, reports Keynote Systems, Inc. A number of additional U.S. sites have had intermittent issues the last few days, Keynote added.
According to their data, FTC.gov went offline on July 5 at 9 a.m. (EST). It was completely down July 6 at 8 p.m. EST. As of July 8, FTC.gov “continues up to this hour to have major issues though not (100 percent) down.” Department of Transportation, which has had no issues since it came back online July 6, suffered over 30 hours of downtime.
IDG News said an unnamed source told them the attacks directed as much as 20 to 40 gigabytes of bandwidth per second during their height. They have since settled down to about 1.2 gigabytes per second. This is a massive amount of traffic. The attack was caused by 12,000 hijacked computers in South Korea and 8,000 across the globe, NIS and U.S. authorities say. Others report a much higher number: Symantec counts 50,000 hijacked systems, and the Washington Post says 60,000. The numbers don’t matter, however; what matters is that they were used in an attempt to flood the networks of Internet properties with so much traffic that they simply fell offline, and it worked.
Yet, it didn’t work. Not like expected.
Steve Ragan is the security editor at The Tech Herald, www.thetechherald.com.