Inside Cyber Warfare - Jeffrey Carr [56]

a civilian hacker population. All of its money and all of its talent (meaning young people who show the requisite abilities) are part of its military establishment.

The payload portion of this botnet wouldn’t have passed muster at any of the official IT research facilities associated with the DPRK. These are well-educated individuals, some having attended the Indian Institute of Technology (one of the world’s top technology schools), and the quality of their work is high.

A Korean hacker who wasn’t part of the DPRK military wouldn’t have the resources inside the DPRK to run this attack. More likely, either he is a DPRK-approved student at an Indian, Chinese, or Japanese university, or he is living in another country as an illegal.

Another alternative would be a Russian or Chinese hacker who simply wanted to set up a scenario that would embarrass the United States and throw suspicion onto a likely fall guy—the DPRK.

What were the consequences of this attack? It showed how vulnerable certain government websites still are, both in the United States and South Korea.

US sites that went down during the Independence Day weekend attack included the Department of Transportation, the Secret Service, and the Federal Trade Commission. The State Department website was attacked and experienced degraded service. The White House and Department of Defense sites were also attacked, but experienced no negative impact.

Clearly more work needs to be done by the National Security Agency (NSA), which has been tasked to protect US government websites under the new distribution of responsibilities between the NSA and the Department of Homeland Security (DHS), which will focus on the protection of our civilian networks.

Another consequence was the response from Rep. Pete Hoekstra (R-MI), former chair of the House Intelligence Committee and now senior Republican member, who called for the US military to attack North Korea. Wired magazine reported the story on July 10, 2008:

Whether it is a counterattack on cyber, whether it is, you know, more international sanctions...but it is time for America and South Korea, Japan and others to stand up to North Korea or the next time...they will go in and shut down a banking system or they will manipulate financial data or they will manipulate the electrical grid, either here or in South Korea. ... Or they will try to, and they may miscalculate, and people could be killed.

He also claimed that multiple experts who had been investigating the attack said that “most likely all the fingers” point to the North Koreans and this was a “state act” and not that of “some amateurs.”

Of course, none of that is true. Why Hoekstra would make such claims is impossible to say, but it was reminiscent of other politically charged claims of imaginary threats coinciding with misstatements of intelligence findings and facts in evidence.

One Year After the RU-GE War, Social Networking Sites Fall to DDoS Attack
On August 6, 2009, close to the one-year anniversary of the August 8 invasion of Georgia by Russian troops, the Georgian blogger known as Cyxymu became the focal point of a series of DDoS attacks that would end up taking Twitter offline and severely hampering Facebook and LiveJournal access, inconveniencing millions of users.

From the beginning, this seemed like overkill on the part of those launching the DDoS attacks. Then, as information began to come in regarding the small size of the botnets used, it became clear that Twitter’s fragile infrastructure was also to blame.

Twitter has had bandwidth problems since its inception. Facebook has similar troubles, and LiveJournal has been operating with a skeleton staff ever since SUP acquired it from Six Apart in 2008. In other words, it didn’t take too much to force the networks of these very popular services offline.

The DDoS attack consisted of a combination of email spam, a TCP-Syn attack, and an HTTP-query DDoS attack:

The email spam (called a “joe-job”) was sent by a 300-node botnet normally affiliated with sending out online casino spam.

The TCP-Syn
