Patterico's Pontifications

7/13/2009

North Korean Cyberattacks

Filed under: Blogging Matters,International — DRJ @ 8:18 pm



[Guest post by DRJ]

Since July 4, the North Koreans have been suspected of targeting cyberattacks on official U.S. and South Korean websites, and some websites are only now returning to normal.

Tonight, I haven’t been able to access One Free Korea, a blogger’s website that focuses on Korea and especially North Korea. This may be due to routine maintenance or some other problem but can any tech savvy person tell why One Free Korea is down?

— DRJ

18 Responses to “North Korean Cyberattacks”

  1. Maybe it’s related, maybe it’s not, but I got a gigantic spike on my Site Meter, all for a gun cotton recipe. Twenty times my usual traffic. I followed the sources and they were from all over the world but the referrals were from Googles (ours and foreign ones). ?

    nk (ca8012)

  2. One Free Korea redirects to the following address just for a second, so it’s hard to tell. I don’t know anything about hacking or cyberattacks.

    http://www.freekorea.us/maintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.htmlmaintenance.html

    carlitos (268320)

  3. The NoKor’s in the past few weeks, renounced the cease-fire that has been in effect since 1953.
    By their own words, a state-of-war exists again between the PRNK and the UN Coalition.
    I wouldn’t put anything beyond them, and I feel confident that the leader of the UN Coalition (US) has no intention of doing anthing regardless of the provocation.
    Cyber attacks are just warfare through other means.

    AD - RtR/OS! (eb7d4e)

  4. Not sure why the site is down – could be any number of reasons.
    As for the NK attacks Bruce Schneier, one of the gurus in the security community, has some thoughts about it at http://minnesota.publicradio.org/display/web/2009/07/10/schneier/

    He is more frustrated with how the government agencies don’t adequately patch their systems than with the fact that we got attacked. The exploit is five years old and not a “zero day” exploit that could not be prepared for.

    voiceofreason2 (d7059f)

  5. Do you buy into the theory that this is North Korea?

    imdw (017d51)

  6. Do you buy into the theory that this is North Korea?

    Comment by imdw — 7/14/2009 @ 4:55 am

    Nah, I think it’s elves.

    nk (1e550c)

  7. From what I have read it “appears” to be coming from them. DDOS attacks are fairly basic hacker actions. But just as the Estonia attacks revealed; what was first thought to be Russian military turned out to be “hacktivists” doing so without state sponsorship. Skilled hackers will use servers in other countries to launch attacks and muddy the trail for investigators.
    In addition, the state sponsored attacks tend to be more oriented toward stealthy exfiltration of data. DDOS is more of a tactical action when engaged in a larger war – deny the ability to use critical systems during battle. (Much as we overwhelmed the radar sites in Gulf 1&2)
    Schneier’s point was that if the system administrators had done their job properly the attacks wouldn’t have worked in the first place.

    voiceofreason2 (10af7e)

  8. “From what I have read it “appears” to be coming from them. DDOS attacks are fairly basic hacker actions. But just as the Estonia attacks revealed; what was first thought to be Russian military turned out to be “hacktivists” doing so without state sponsorship. Skilled hackers will use servers in other countries to launch attacks and muddy the trail for investigators.”

    Yeah that’s what makes it odd. When you launch a DDOS attack, you use zombies which you have taken over and hide your location.

    A guess I heard, which seemed more credible than north korea — because it at least matches the facts we have seen — was that this was someone showing off their zombie network to a buyer.

    imdw (e8663e)

  9. The site is up now and they’re saying that it doesn’t appear to be an external attack on them.

    Ken Hahn (9d2a35)

  10. Just who in NorKor, except Govt agents, would have computers?

    AD - RtR/OS! (1699eb)

  11. But just as the Estonia attacks revealed; what was first thought to be Russian military turned out to be “hacktivists” doing so without state sponsorship

    This is demonstrably false – cyber gangs have been operating with impunity within Russia for years, with both the direct and indirect support of the KGB:

    http://www.irantracker.org/analysis/russia-and-cyber-threat

    http://larussophobe.wordpress.com/2009/03/30/confirmed-kgb-launched-cyber-attack-on-georgia/

    No one can state definitively that the KGB was not at the very least indirectly responsible for the attacks. Please cite your sources for your definitive statement – or perhaps you’d care to expound on your prior explanations for Obama’s brilliant policies regarding Honduras again.

    Dmac (e6d1c2)

  12. No one can state definitively that the KGB was not at the very least indirectly responsible for the attacks. Please cite your sources for your definitive statement – or perhaps you’d care to expound on your prior explanations for Obama’s brilliant policies regarding Honduras again.

    And you cannot definitively state that they did.
    As for “source” if you had read the article I linked you would have seen “It was hyped as the first cyberwar, but after two years there is still no evidence that the Russian government was involved. Though Russian hackers were indisputably the major instigators of the attack, the only individuals positively identified have been young ethnic Russians living inside Estonia, who were angry over the statue incident.”


    As for Honduras… what does that have to do with the price of tea in Brazil? I made no comments about Honduras on any site.

    voiceofreason2 (590c85)

  13. vor2, I think Dmac confused you with imdw re Honduras.

    AD - RtR/OS! (1699eb)

  14. “Just who in NorKor, except Govt agents, would have computers?”

    When DDOS attacks come from computers, they’re usually at the command of someone other than the owners of those computers.

    imdw (de7003)

  15. This is Joshua from One Free Korea. My thanks to Patterico and everyone else for your concern. The site was down about 12 hours, apparently the result of Bluehost migrating servers, not the work of Unit 121.

    Frankly, I’m a little disappointed that the North Koreans haven’t hacked my site, at least as far as I know. I mean, isn’t advocating the violent overthrow of their government enough?

    Joshua Stanton (803281)

  16. I now see it’s a guest post; thanks to DRJ.

    Joshua Stanton (803281)

  17. Thanks for the update, Joshua. I’m glad everything is okay but I wouldn’t be surprised to learn you are on some North Korean hacker’s radar.

    DRJ (6f3f43)

  18. So here’s something I have some real understanding of.

    Unless the norks are masters of this game (and I have reason to suspect they are not), what they’ve done amounts to an amateur-hour stunt.

    Pretty much every site is terrifyingly insecure and trivially easy to hack to a teenager with the right scripts and lack of morals. Professionals (even North Korean professionals) take it to a whole other level and they cannot be stopped.

    Here are two major reasons:

    1) New security constantly appear in all applications and security patches need to be installed. Note the gap in security that exists between when the hole is discovered and when it is patched. It is not possible to protect yourself against that gap; you can only keep a low profile or always be prepared to restore from backup. Note also that the only securty holes patched are those that have been abused or advertised. Hacks exist that have not been sufficiently advertised for the software publisher to hear about them and put out a patch, and the people with those hacks bide their time until they find enough sites to hack and then blitz them all at once. Non-professionals cannot win.

    2) You cannot backtrace hackers. IP spoofing is trivial, but that’s not the reason. The reason is that these people hide within international networks of secure proxies and you will never penetrate that network.

    For a full explanation detailing this process and a sobering vision of just how easy it is to hide, visit:

    iran dot whyweprotest dot net

    WARNING: The site itself is totally safe but DO NOT install anything that comes from this site. These people are dangerous, but informative. You will not be successful at hiding like they do on your first try, but you might give hackers the use of your bandwidth, which they might use to hack government sites … and guess whose door the spooks are gonna knock on. Hint: it won’t be theirs.

    Harvey M Anderson (a664fb)


Powered by WordPress.

Page loaded in: 0.1441 secs.