Cyberattacks on South Korea-US a test run: McAfee (Update 2)

Jul 05, 2011 by Glenn Chapman
The McAfee logo is displayed outside of the company's headquarters in 2010 in Santa Clara, California. Cyber attacks on US and South Korean military websites in March may have been a test by North Korea or sympathizers, according to a report released Tuesday by computer security firm McAfee.

Cyberattacks on US and South Korean military websites in March may have been a test by North Korea or sympathizers, according to a report released Tuesday by computer security firm McAfee.

"We believe this incident... has very clear anti-Korean and anti-US political motivations," McAfee said in a report titled "Ten Days of Rain."

"The combination of technical sophistication juxtaposed with relatively limited execution and myopic outcome is analogous to bringing a Lamborghini to a go-cart race," McAfee said in its findings.

"As such, the motivations appear to outweigh the attack, making this truly seem like an exercise to test and observe response capabilities," it said.

McAfee security researchers said it was 95 percent likely that the culprits behind the online assault in March were also behind July 4, 2009 cyberattacks on US and South Korean websites.

Banking, military and government websites in South Korea and sites for US forces in that country were hit with distributed denial of service attacks on March 4.

DDoS attacks overwhelm websites with requests, causing them slow down or be inaccessible.

McAfee security researcher Georg Wicherski deemed the attacks "an armed cyber reconnaissance operation of sorts" aimed at assessing defenses and reaction times of South Korean government and civilian networks.

"Knowing that would be invaluable in a possible future armed confrontation on the peninsula, since cyberspace has already become the fifth battlespace dimension, in addition to land, air, sea, and space," Wicherski said.

The DDoS attacks were made by usurping control of virus-infected computers in South Korea to overwhelm targeted websites with simultaneous requests for pages or information.

Tactics used in the attacks were more destructive than typically seen when legions of infected computers are commanded in "botnets" by hackers, according to McAfee.

The botnet in South Korea was programmed to perform DDoS attacks for 10 days and then self-destruct, frustrating investigators by overwriting or deleting files and codes to the extent the computers could not be booted up.

While the Match attacks were underway, encryption algorithms were used to mask parts of malicious code and stymie analysis by defenders.

"This wasn't a surgical strike; it was more like a sledgehammer, as most DDoS attacks are," the McAfee report said.

"The attackers relied on the encryption to buy them more time against reverse engineering until the DDoS attack window expired."

Steps were taken to ensure that the mission was executed without interruption, within the predefined attack window, and then all vehicles of attack would be destroyed, the report concluded.

Updates were sent to the botnet by servers in various parts of the world including Taiwan, Russia, Saudi Arabia, India and the United States to make it resistant to takedown, according to McAfee.

The McAfee study revealed that pieces of the malicious code used in the attacks were built by a number of different people, each with limited knowledge of the overall program.

Last week, South Korea's defense ministry announced that it would expand its cyber warfare unit to help combat growing Internet attacks from North Korea.

The ministry said its cyber command, launched in January last year, would increase the number of personnel from 400 to 500, following an earlier announcement that it would open a cyber warfare school next year.

North Korea reportedly maintains elite hacker units.

Seoul accused Pyongyang of staging the cyberattacks on websites of major South Korean government agencies and financial institutions in March this year and in July 2009.

Pyongyang rejected those allegations, accusing Seoul of inventing the charges to raise tensions.

In May, South Korea said a North Korean cyberattack paralyzed operations at one of its largest banks.

Explore further: LinkedIn membership hits 300 million

add to favorites email to friend print save as pdf

Related Stories

Dozens of South Korean websites attacked

Mar 04, 2011

(AP) -- Hackers attacked about 40 South Korean government and private websites Friday, prompting officials to warn of a substantial threat to the country's computers.

S. Korea to step up security against cyber attacks

May 24, 2011

South Korea said Tuesday it will step up IT security within the government to fend off cyber attacks from North Korea, which it has accused of mounting a series of strikes in recent years.

South Korean websites come under further attack

Mar 05, 2011

(AP) -- Unidentified attackers targeted more than two dozen South Korean government and private websites Saturday, a day after two waves of similar attacks, but officials reported no serious damage. ...

Recommended for you

LinkedIn membership hits 300 million

15 hours ago

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

21 hours ago

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites. It also clarifies that ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

ricarguy
1 / 5 (1) Jul 06, 2011
I bet that if deemed successful, their elite cyber attack units might even get fed, unlike most of the N. Korean subjects.

More news stories

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...