July 8, 2009...1:22 pm

Lil’ Kim Clogged Our Tubes

Did North Korea launch a cyber war on us?

Huffington Post with the AP story:

The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.

Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.

The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces.

Ed Morrissey:

Kim wants to test his enemies to see how far he can go before provoking a reaction.  In a sense, he’s like a toddler, pushing his limits further and further as his parents keep indulging his behavior.  Thus far, he has suffered no consequences of any real import except to get a few scoldings from the UN.  The US finally put some pain on the table by chasing their merchant ship Kang Nam around for a few days and forcing it to return home rather than complete delivery of suspected arms to Burma.  Interestingly, this appears to have taken place immediately afterwards, perhaps as retaliation.

John Hinderaker at Powerline:

If so, the cyber attack is part of a pattern of aggressive conduct by North Korea, including the firing of seven missiles on July 4 and the sailing of the Kang Nam 1 (which has now returned to port) in an apparent attempt to circumvent the U.N.’s weapons embargo. Rightly or wrongly, it does not appear that Kim Jong-il’s government has any fear of either the U.S. or the “international community.”

Joe Klein at Swampland in Time:

Is it possible that the North Koreans launched a July 4 cyber attack on the US government? If so, what’s the appropriate retaliation? Should we turn the electricity in Pyongyang on and off a few times, if we can do it?

The North Koreans are clearly in the midst of some sort of internal meltdown, probably having to do with a succession crisis. The new UN sanctions regime indicates that even the NoKos’ friends have lost patience with them. But the problem is larger than North Korea: cyber attacks have been attempted and defended against for several years. It’s all been hush-hush, but at a certain point this form of warfare becomes general public knowledge. The question is, when and how? Do we use the NK attack–if that’s what it was–to demonstrate to other would-be perpetrators that we have sophisticated capabilities in this area? Cyber warfare is serious business, obviously. It would be interesting to hear the arguments for and against. I’ll check some sources and see what they have to say.

Evgeny Morozov in Foreign Policy:

Instead of telling you what we know, let me highlight what we DO NOT KNOW:

1. We do not know that cyber-attacks have actually happened. That’s right, US officials have refused to discuss the story – all we know is that a DHS spokeswoman issued a warning to federal agencies, advising them how to deal with attacks. Well, it would still be reassuring to have someone from the US government actually acknowledge the problem… I am thinking aloud here but what if the attacks were just friendly fire or a test, meant to test the US preparedness to deal with cyber-attacks on July 4th (when they started)? You never know unless someone speaks on the record… The fact that a web-site is not available – one of the fundamental claims made by the AP article on the subject, for example – does not mean that it’s automatically under a DDOS attack. There are many other reasons why it may not be available, some of them very trivial.

2. We do not know whether the current cyber-attacks are different from those that plague the work of the US networks/web-sites every day. Or their only difference is that they have happened on July 4th? Even the DHS spokeswoman acknowledged that “the US sees attacks on its networks every day, and measures have been put in place to minimize the impact on federal Web sites”.

3. We do not know if there are ANY connections between the attacks on targets in South Korea and those on the United States. If so, it hasn’t been established by ANYONE. I don’t have much data at hand, but I think that on any given day, we can pick any government at random and be sure that at least one of their web-sites is under some sort of DDOS attack on that day. This doesn’t mean that there is a vast conspiracy against governments; it only means that DDOS attacks are extremely common and there is a good chance that more than one government web-site could be hit in a day. UPDATE: Just got off the phone with Jose Nazario of Arbor Networks; he told me that the attacks seem to originate from the same botnet, which doesn’t appear very sophisticated (for the geeks out there: Nazario told me that the attacks peaked at 23 megs per second/ 55,000 packets and involved http flood against port 80, none of which is particularly threatening).

4. We do not know if this is at all related to the North Korean missile test last week-end. We probably do not even know if this is anyhow connected to North Korea (even less so to its government). So far the only claim pointing to North Korea are South Korean spies – not exactly a very unbiased group – and South Korean parliamentarians, who, if I may, do not appear as very credible sources on the origin of cyber-attacks. South Koreans have been trying to push their “OMG, North Koreans are attacking us” (that’s the same North Korea where mere mortals are usually denied access to computers and the Internet, in case you were wondering) several times this year – actually, almost every month some non-news item surfaced that helped to push this narrative. By effectively linking their own attacks to attacks on the US government web-sites, I think they have finally succeeded in heeding the world’s attention to the “cyber” capabilities of the North Koreans (according to the South Korean intelligence, the hotbed of the North Korean cyberwarfare rests in the secretive Mirim college, where elite hackers are trained; the problem is that one doesn’t really need any elite hackers to launch DDOS attacks…). UPDATE: As per my conversation with Nazario, there seems to be no link/trace to North Korea in Arbor’s data either.

More to come, if Kim doesn’t attack us, too.

UPDATE: Barron Young Smith at TNR
