Network attacks that paralyzed a handful of large websites in South Korea earlier this year were almost certainly the work of North Korea or of parties allied with it, security company McAfee said in a report on Tuesday.
The company's analysis, conducted together with the South Korean and U.S. governments, is the most comprehensive yet published on the March attacks, and details how they were carried out and why they were so difficult to combat.
In investigating the incident, the report draws a clear parallel with a similar attack that knocked South Korean and U.S. websites offline in 2009, and reaches an uncomfortable conclusion: the attacks were likely intended to test South Korea's cyber defenses and response, and could be the prelude to a much larger attack in the future.
The attack began on March 4, when thousands of computers started bombarding 14 sites with traffic. The sites included government agencies, leading South Korean companies and the home page of U.S. forces in Korea. The method, called DDoS (Distributed Denial of Service), floods sites with so many requests that they become overloaded. To real users the sites appear very slow or, in many cases, unreachable.
The computers that took part in the attack had been infected with malware that waited for instructions from command-and-control servers, which were themselves infected computers. In the March attack, these middle-tier servers formed part of the infrastructure and were in turn controlled by an additional tier of control machines.
Encryption was used throughout the system, making both the messages and the computer code difficult to analyze. To make analysis even more difficult, different keys and algorithms were used in the various phases of the system.
The attacks lasted up to 10 days, after which the malware was programmed to destroy itself. Key files were deleted and overwritten, and then the master boot record of the disk on which they were stored was corrupted. That would leave the disk unusable, even to the owner of the computer.
After analyzing the attack and how it was carried out, the researchers were left with one big question: why build so much sophistication into software designed to carry out a rather primitive attack?
"DDoS can be done with software from your local cyber-criminals," said Dmitri Alperovitch, vice president of threat research at McAfee Labs, in a telephone interview. "The level of effort here far outweighs any DDoS botnet to date."
The attack did not seek to evade detection, since taking down major websites is guaranteed to attract attention, but it did seek to hinder analysis of the attack, said Alperovitch. The researchers concluded that the attack was political and had a particular, narrow focus.
"It was to test the response of the South Korean government," he said. "When you look at who could do this, one player jumps off the page. The North Korean government would like to see whether, in a future conflict, it could have an impact in cyberspace and a real-life impact."
McAfee found no concrete evidence linking the attacks to North Korea, but Alperovitch said the company is convinced the offensive was the work of a single Asian government, or of a group closely allied with it.
A South Korean government investigation into the attacks reached the same conclusion.
North and South Korea are still technically at war, having never signed a peace agreement to end the Korean War in 1953. The border between the two neighbors is one of the most fortified in the world.
The 2011 attack showed a further degree of sophistication over the 2009 attacks, says McAfee. The March incident involved 14 target sites, less than a third of the 40 sites affected in 2009, and this time no U.S. sites were targeted.
"This time they dropped all American targets," he said. "They know that taking down WhiteHouse.gov is useless, and that hitting NYSE.com does not affect the U.S. economy, because they are hitting the website, not the trading system."
The narrower range of targets and the improvements in the command-and-control systems show that the attackers learned several lessons from their first attempt in 2009, said Alperovitch. The experience gained this time could in turn be used to ensure greater success next time.