Wednesday, July 8, 2009

Did North Korea really try a cyber attack against US government?


Matthew Weaver of the U.K. Guardian reports that hackers in North Korea were apparently responsible for cyberattacks against banks and government agencies in South Korea. Apparently denial of service attacks were attempted against several US government agencies (including the FTC) but were unsuccessful. The Guardian story is here.

The reports are being investigated by the independent US Cyber Consequences Unit, here.

It’s not clear if there is any possible connection with the security flaw reported a few days ago in Microsoft Internet Explorer in some units, which apparently is already being exploited overseas.

The activity is thought by some to be related to sanctions related to North Korea’s recent test and missile firings, as in the White House blog press release here.

However, a later AP story (by Lolita C. Baldor), posted on AOL Wednesday, indicates that the Transportation Department and FTC sites were significantly disrupted this week, story here. I personally found ftc.gov not responding late Wednesday afternoon.

Later reports indicated that agencies varied in how well they responded to the denial of service attacks, which involved pointing zombies at specific agency addresses. Some agencies had no difficulty at all. The technique is supposed to be slowing down the response to the packets and only allowing a finite rate of them in, by forcing the sender to respond to their responses. The attacks would not have involved contents of any government sites. Reportedly, NYSE and Nasdaq were also pointed at but had no difficult repelling them.

No comments: