Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.(Agencies)
Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.
"I don't think it was North Korea, but there's really no proof either way," said Johannes Ullrich, chief technology officer for the SANS Institute's Internet Storm Center, which monitors cyber threats.
"The way this particular malware was written it looks like one guy wrote it in his basement over a weekend," he said. "But maybe that's what North Korea's cyberwarfare unit looks like."
"It could be anybody," he continued. "It could be a South Korean. It could be a Chinese, whoever had motivation and the tools to do it. There's really nothing that points to a nation state."
Joe Stewart, director of the counter-threat unit at SecureWorks, agreed, telling Computerworld "it looks like every other 'bot' I see created by an intermediate programmer."
The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.
Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.
Spokesman Ian Kelly said the State Department's website, state.gov, continued to come under attack on Thursday but not in "high volume."
Secureworks' Stewart said the attack appeared to be "designed to draw attention to itself, rather than to actually try to take these sites offline."
"If it was state-sponsored, you'd think that the attacks would focus on just a few sites," he said. "A state would try to be sneakier than this."
Neither the United States nor South Korea has publicly accused the North Korean government of being behind the attacks.
Kelly, the State Department spokesman, said Thursday he had "no information" about any North Korean involvement.
But South Korean lawmakers briefed by the country's National Intelligence Service said the NIS believes North Korea or its sympathizers may be to blame.
Luis Carrons, technical director of Spain-based security firm Panda Labs, said North Korea is the most likely suspect.
"Everything's pointing to North Korea," he told AFP. "But it's really only something we can guess. We don't have any real proof."
Carrons also said that unless a website can afford to deploy redundant servers and other expensive defenses, little can be done to fend off DDoS attacks.
"What can you do when 20,000 computers are attacking you and sending you hundreds of requests per second?" Carrons asked.
Ullrich described the event as "a very unsophisticated, simple attack" that got a lot of attention but didn't shut down any critical services.
"The real sophisticated attack you never hear about because they're working stealthy, under the radar," he said. "They're either stealing data or compromising data. Those are the attacks that I'm really worried about."
Ben Greenbaum, senior manager for security response at Symantec, said DDoS attacks, by their nature, are fairly unsophisticated.
"The goal is fairly unsophisticated as well -- it's an attempt to render a website or an online resource unusable," Greenbaum said.
Liesyl Franz, vice president for information security and global public policy at trade association TechAmerica, said the attack highlights the need to make cybersecurity a priority.
"Given the preponderance of information networks and systems and the use of the Internet in our everyday lives, throughout our economy and for national security we view it as a national priority to address cybersecurity," she said.
"Fortunately we have seen President (Barack) Obama say the same," she said.
Obama has made cybersecurity a top priority and announced in May that he would name a "cyber czar" to defend against criminal, espionage and hacker attacks on US government and private computer networks.
(Agencies)
没有评论:
发表评论