US, S. Korean websites under attack; N. Korea blamed

So it's cyberwar.

In a July 4 attack that is believed to come from North Korea or its sympathizers, the websites of a number of U.S. and South Korean government agencies were knocked out and have experienced continuing problems since the holiday, the Associated Press is reporting today.

U.S. agencies having problems: the Treasury Department, the Secret Service, the Federal Trade Commission and the Transportation Department. The Washington Post and other private-sector sites were hit as well.

South Korea's National Intelligence Service told Korean lawmakers that North Korea is behind the distributed denial of service attacks.

Stateside, the U.S. Computer Emergency Readiness Team issued a notice that "advised (agencies) of steps to take to help mitigate against such attacks," a Homeland Security spokesperson said.

The Transportation site was down Saturday through Monday; FTC was down Sunday and Monday. Ben Rushlo, director of Internet technologies at Keynote Systems, said the Transportation Web site was "100 percent down" for two days, AP reports. FTC was coming back online Sunday but by Tuesday was 70 percent unavailable.

Web sites of major South Korean government agencies, including the presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.
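The attack the Korea Information Security Agency describes, many infected PCs told to visit the same sites at the same time, has a recognisable signature in a web server's own access log: a burst of requests to one target from an unusually large number of distinct source addresses. The following Python script is an added example (it is not part of the AP story or any agency tooling) that flags that pattern over constructed Apache-style log lines; the thresholds, log format, IP addresses and paths are assumptions for illustration. A plain per-client rate limit would not catch this, because no single source is noisy; the distinct-source count is what separates a botnet flood from one misbehaving client.

```python
"""Flag request floods to one path from many distinct source hosts.

Added example with constructed log lines; not from the article.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" log format. The sample lines below are
# constructed; the IPs come from the documentation ranges.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, source_ip, path), or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return ts, m.group("ip"), m.group("path")


def detect_floods(lines, window_s=60, min_requests=50, min_sources=20):
    """Sliding window per target path over a time-ordered log.

    Returns alerts as (path, timestamp, request_count, distinct_sources).
    An alert fires once per path the first time BOTH thresholds are met:
    enough requests in the window AND enough distinct source hosts, so a
    single hammering client (already handled by per-IP rate limiting) does
    not trigger it, while a coordinated burst from many hosts does.
    """
    windows = defaultdict(deque)   # path -> deque of (ts, ip) inside the window
    alerted = set()
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, path = parsed
        q = windows[path]
        q.append((ts, ip))
        # Evict entries older than the window (input assumed time-ordered).
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if path in alerted:
            continue
        sources = {src for _, src in q}
        if len(q) >= min_requests and len(sources) >= min_sources:
            alerts.append((path, ts, len(q), len(sources)))
            alerted.add(path)
    return alerts


def sample_log():
    """Constructed sample: light traffic to /news, one noisy client on
    /search (100 requests, one IP), and a burst to / from 30 distinct hosts
    within 20 seconds. Offsets are seconds after 09:00:00."""
    def line(offset, ip, path):
        stamp = "07/Jul/2009:09:%02d:%02d +0000" % (offset // 60, offset % 60)
        return '%s - - [%s] "GET %s HTTP/1.1" 200 512' % (ip, stamp, path)

    entries = []
    for i in range(10):
        entries.append((i, line(i, "198.51.100.%d" % (i + 1), "/news")))
    for i in range(100):
        entries.append((i, line(i, "203.0.113.7", "/search")))
    for i in range(60):
        entries.append((100 + i // 3, line(100 + i // 3, "192.0.2.%d" % (i % 30 + 1), "/")))
    entries.sort(key=lambda e: e[0])   # keep the log time-ordered
    return [text for _, text in entries]


if __name__ == "__main__":
    for path, ts, n, srcs in detect_floods(sample_log()):
        print("FLOOD %s at %s: %d requests from %d sources" % (path, ts, n, srcs))
```

Run against a real combined-format log the same way (`detect_floods(open(path))`), tuning `min_requests` and `min_sources` to the site's normal traffic; the single noisy client in the sample is deliberately left unflagged to show what the distinct-source condition filters out.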

Topics: Browser, Security, Software Development


Talkback

96 comments
  • attacks from Windows machines

    These are infected Windows operating system computers that are
    attacking the government sites. Will we ever learn?
    gertruded
    • Funny how it was omitted from the story.

      I've been following these type of stories for days. Now ZDNET puts up a
      story but they aren't including the most important part of the story. This
      has to do with an old ActiveX tech from Microsoft. 18 months and
      Microsoft is still sitting on its laurels. Funny how everyone was up in
      arms when Apple took six months to fix Java, but on the Microsoft side,
      all this is being swept under the rug. Anyone remember the .ani exploit
      in the wild? How long did it take Microsoft to fix that issue?
      AdventTech67
      • Active X

        Have you applied the latest ActiveX workaround yet?
        twaynesdomain-22354355019875063839220739305988
    • Attacks from Linux machines

      Where did it say it came from Windows machines?
      Some sources are pointing to Linux machines as the culprit.
      John Zern
      • Linux avoids ActiveX

        If this is an exploit of the famously vulnerable ActiveX then it's very unlikely that Linux machines were able to be used to initiate these attacks.
        Tom6
      • Military/Govt Servers

        One thing I know is that the Dept of Education uses Linux/Unix based servers. It is quite possible the Military uses much the same thing. While their data processing equipment is probably windows based, it is not logical to assume what kind of servers they have or what kind of networking hardware they use.

        They should have mentioned in the story that South Korea has top notch broadband Internet, so there are probably lots of computers there to turn into zombies. I have no idea what the preferred operating system is in South Korea. Being an Asian country it is hard to say. It could be that a lot of the operating systems are either Linux or pirated copies of Windows. I have not been in Korea in 20 years or so but when I was there pirated music tapes were quite common. China also is nearby and in China they also have a problem with pirated songs and software. This theme of not paying for licensing is a common theme in Asia.
        ceh4702
        • meh

          I recall a story about China or Korea pushing Linux in the home computer segment, wish I could recall where I read it but I want to say they've moved heavily away from Windows and pushed for Linux due to the low cost.
          ariesghost
          • Can't use Linux

            You can't use Linux in South Korea if you want to do any form of Internet Banking, online shopping, or anything else that requires SSL due to Government regulations. Korea is 99.99% Windows based.
            Necrolin
      • Linux Of Course

        With an easy-to-download OS, something like BackTrack, a Slax-based Linux Live-CD, someone could easily cause the hack attacks. Spoofers and MAC changers alone allow access into networks with ease. Any good hacker will use Linux because it's free with thousands of programs that are perfect for mimicking other computers. Also most Windows systems are protected from other Windows systems more so than Unix and Linux.
        davidrkingii
      • Windows, Linux, Unix, Lindows, Minix, et al

        I'm not so sure it much matters what machines it came FROM as it does who those behind the keyboards/macros/bots are and getting a handle on them. I wasn't able to figure out exactly why the backbones were burping periodically but due to the timeframe I figured it had to do with something like this; it's been talked about for a long time.

        In a way, I like it in that it might wake up a lot of security people who are asleep at the switches and operate purely in reactive versus proactive modes. As a corporate country, we are pathetically behind the times and lax in security in all walks of life.
        OTOH, the alleged source of a lot of this trouble, which I actually agree is likely retaliation, China is so ridiculously insecure that it should be a simple job to shut them down by simply honeypotting and shipping the tripe right back at them. A few well addressed spews like that to well thought out addresses would topple the gvt for a short period of time and might make a point. That's as opposed to the currently unsophisticated and rumor-run attacks some here are pushing into China.
        Cyberwars are silly in the sense that any company that wants to can simply ban the entire country from its sites and never see a thing from them. Only our greedy, dollar sucking bass-turds NEED communications from China. All it takes to keep them off your site is a .htaccess file and to know what you're doing with it. How-to is posted all over the 'net. I blocked them long ago so I'm not even seeing the current rash of Chinese spam going to everyone and their brother. I'd rather they wasted their time sending to me where it gets dropped on the floor than to some innocent party who doesn't need/want it. And if you don't like .htaccess, a proxy and a 3rd party app can achieve it just as easily, maybe even easier.

        So it's not which OS is doing the work; it's the work itself that matters. Any current OS could accomplish the same thing so - there's nothing to argue about that way.
        IMO at least<g>.
        twaynesdomain-22354355019875063839220739305988
        • If it was easy just to unplug China...

          If it were easy to solve the problem by just unplugging China, this would have been done. But most of the problem really comes from within our own networks, because they will always find a way to connect to them: they absolutely don't need a huge bandwidth to compromise some large enough server in the USA, Europe, Japan, or South Korea. There are already tons of vectors that allow them to run any security attack against some western server that they have found to be open to some security hole.

          They will harvest it very secretly, only to use it later as the gun (signal of attack) that will deliver the bullet to the zombies already deployed worldwide. This kind of gun can be an order to download a new specific program, sent to a few preselected hosts (preferably those running on broadband fiber accesses on home computers, because they can act very rapidly and reach a lot of targets very fast).

          Launching a new attack has never been so fast; it can now take a few seconds for an attack to reach almost all major backbones in the world and most ISPs, but the best security monitoring companies will not be able to react before minutes just to detect the attack (and there's still no emergency system that can delay or slow down some critical service for a minimum investigation).

          Yes, it's true that Linux servers can be harvested as intermediate relays for secretly launching the bullet, but it's also true that today most of the Internet bandwidth and CPU force is located in billions of homes, running Windows and connected to the Internet with broadband services: these billions of homes contain hundreds of millions of PCs infected by all sorts of worms (there are now thousands of new worms every day specifically for Windows, and they don't always need to harvest a security hole in Windows to install themselves: they can simply harvest the many security holes or open doors left open within one of the many existing old worms remaining on the network; in that case, these new programs do not perform actions that are easily trackable before their installation, but they immediately get access to the full system, including the possibility of running secretly even though there's apparently an antivirus installed: they control the antivirus and hide themselves from it, just to expose to them the information they want).

          Where is the problem now? It's no longer in China or Korea, but directly on the PCs running at home at your immediate neighbours', friends', or in a company. Every ISP is now affected but none of them will take action to preventively shut their customers off their network. The best they will do is to inform their customers, often indirectly. But users are still left without good security investigation tools; most of them don't pay for it (and most of them feel that the protection offered by the "box" provided by their ISP is enough to protect them from inbound connections, ignoring that the problem is still on their PC, which can open inbound ports on the router at any time with a very small worm program running on their PC and performing outgoing requests to the Internet once they have been infected).

          In other words, internal or external firewalls are now completely useless, unless they could also be dynamically updated to regulate the *outgoing* traffic. Almost all users don't even know the number of legit programs running on their PC that are still regularly performing outgoing requests to the Internet or that are left running permanently with open listening ports.

          Windows still does not help users by clearly displaying every such program or clearly identifying which host on the Internet each of these programs is communicating with (in fact Windows offers NO tool to monitor the open sockets and get the list of programs, or to identify the service running in some thread of "svchost.exe" that is causing such communication, because service threads are not identifiable and can't be unloaded selectively: you can just kill some process without knowing precisely if it will just crash Windows completely).

          Microsoft should never have invented the infamous "rundll.exe" or "svchost.exe" processes. It was really a bad idea to allow separate services to run in the same process without being precisely identifiable and selectively killable. The problem is architectural, and the best that MS can do is to run those critical system services sharing the same process within a virtual machine like .NET, which allows fine-grained control and identification of the running thread. Win32 threads have never been designed for that.

          There are similar problems with most device drivers, which should no longer run as processes, but only as plugins running in a protected VM controlled by the kernel, so that their isolation and identification becomes effective.

          To be honest, you will find Linux in this category, now that it can also run or emulate Windows; you'll also find servers (running any OS) running hypervisors with virtualized OSes.

          With the increased level of interoperability between distinct OSes, and a lot of software or libraries whose source has been written identically to be portable from one OS to another, there now exist exactly the same problems on almost all OSes (including now, sometimes, the OS running within dedicated devices on which users do not even know that they run a generic OS, like NASes, broadband routers, set top boxes... and that they can't even update themselves because these boxes are closed, or maintained by their operator, or are no longer maintained by their manufacturer). These "boxes" are supposed to be secured, but we now start to see that they can become the targets of attacks, and I think that this will be even more frequent in the very near future (and the users, or the antivirus or security suite running on their PC or Mac, will never notice it, even though these boxes can now become the best zombies in the world, without having to harvest any PC or data directly on the home or organization's local network: they will just monitor your traffic and insert into it any content they want!)

          All that can be done now is to promote the full securing of the WHOLE Internet, using encryption and/or end-to-end authentication and signature.

          The PKI infrastructures must now be deployed more massively, not just on Internet servers for their commerce platform, but for each customer on all their Internet accesses (but there will be solutions to find to help protect privacy, including those using the security systems to help protect against their dissemination and reuse by unauthorized parties). It's high time for ISPs and governments to give free personal digital secure certificates as part of their regular services. And to make their use much simpler to interpret than they are today (or provide better interfaces to use them securely with terms that can be understood by average customers, plus provide education about them; it will be very hard to provide the second part, given that most customers have still not understood how to protect their ID card or green card, or credit cards!).
          PhilippeV
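The practical core of the comment above is the egress point: a firewall that only filters inbound connections says nothing about a program on the PC that phones out, and most users have no baseline of which programs are expected to talk to the Internet at all. The following Python script is an added example (not the commenter's code, and not a Windows tool) of the check such a baseline enables: a snapshot of socket activity, in the shape that `netstat -bno` on Windows or `ss -tnp` on Linux report, is compared against an allow-list of expected processes and ports, and anything outside it is listed with a severity. The snapshot, the baseline, the process names and the addresses are all constructed for the example; on Windows, `tasklist /svc` is the built-in way to see which services a given `svchost.exe` PID is hosting, which is the piece the comment finds missing.

```python
"""Compare a socket-activity snapshot against an egress baseline.

Added example; the snapshot below is constructed, not real netstat output.
"""
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proc pid laddr lport raddr rport state")

# Networks treated as "local": RFC 1918, loopback and link-local. Anything
# else is treated as external. (ipaddress.is_private is not used because it
# also covers the documentation ranges used as stand-in public IPs below.)
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed snapshot. 203.0.113.x / 198.51.100.x stand in for public hosts.
SNAPSHOT = [
    Conn("firefox.exe", 1201, "192.168.1.10", 51234, "198.51.100.5", 443, "ESTABLISHED"),
    Conn("svchost.exe", 880, "192.168.1.10", 51300, "198.51.100.20", 80, "ESTABLISHED"),
    Conn("updater.exe", 3010, "192.168.1.10", 51412, "203.0.113.9", 6667, "ESTABLISHED"),
    Conn("updater.exe", 3010, "0.0.0.0", 4444, None, None, "LISTEN"),
    Conn("svchost.exe", 880, "192.168.1.10", 51301, "192.168.1.1", 53, "ESTABLISHED"),
    Conn("firefox.exe", 1201, "192.168.1.10", 51500, "203.0.113.40", 8443, "ESTABLISHED"),
]

# Egress baseline (assumed): process name -> remote ports it is expected to use.
BASELINE = {
    "firefox.exe": {80, 443},
    "svchost.exe": {53, 80, 443},
}
# Processes expected to hold listening sockets at all (assumed).
ALLOWED_LISTENERS = {"svchost.exe"}


def external(addr):
    """True when the address is outside the local networks listed above."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in LOCAL_NETS)


def check_egress(snapshot, baseline, allowed_listeners):
    """Return findings as (kind, process, pid, endpoint, severity).

    kinds: unexpected-listener       process not expected to listen at all
           unknown-process-egress    outbound connection by a process with no baseline
           unexpected-port           known process, but a port outside its baseline
    Severity is 'high' for external destinations or listeners bound to all
    interfaces, 'low' otherwise, so the reader triages the worrying ones first.
    """
    findings = []
    for c in snapshot:
        if c.state == "LISTEN":
            if c.proc not in allowed_listeners:
                sev = "high" if c.laddr in ("0.0.0.0", "::") else "low"
                findings.append(("unexpected-listener", c.proc, c.pid,
                                 "%s:%d" % (c.laddr, c.lport), sev))
            continue
        dest = "%s:%d" % (c.raddr, c.rport)
        sev = "high" if external(c.raddr) else "low"
        if c.proc not in baseline:
            findings.append(("unknown-process-egress", c.proc, c.pid, dest, sev))
        elif c.rport not in baseline[c.proc]:
            findings.append(("unexpected-port", c.proc, c.pid, dest, sev))
    return findings


if __name__ == "__main__":
    for kind, proc, pid, endpoint, sev in check_egress(SNAPSHOT, BASELINE, ALLOWED_LISTENERS):
        print("[%s] %-22s %s (pid %d) %s" % (sev, kind, proc, pid, endpoint))
```

Building the baseline is the real work: take snapshots on a known-good machine over a few days, merge the (process, port) pairs, and review the list once by hand; after that, every run only shows you what changed, which is exactly the information the comment says users lack.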
    • Actually its not

      Since Windows doesn't support attacks or advanced TCP/IP configurations used for these attacks it can't possibly be that. Most likely it's coming from unsecured Linux boxes which are known to leave telnet open.
      Loverock Davidson
      • Of course, it can't be Windows

        You could also blame OSX, BSD, OS/2 and all the other OS's. That is
        because Windows is known to be secure and never part of a botnet. All
        these systems are doing it in concert.
        gertruded
      • Dimwit, it is the Windows ecosystem causing the problems.

        Read here

        http://www.computerworld.com/s/article/9135259/Microsoft_may_have_known_about_critical_IE_bug_for_months

        & here

        http://www.computerworld.com/s/article/9135279/Updated_MyDoom_responsible_for_DDOS_attacks_says_AhnLab

        & here

        http://www.computerworld.com/s/article/9135273/Newest_IE_bug_could_be_next_Conficker_says_researcher

        Could things get any worse than this at the moment?

        "In a world without walls & fences, who needs windows & gates?"
        Intellihence
      • So, what you're saying is...

        That Windows is a retarded/out of date system?
        zkiwi
      • Huh?

        There hasn't been a Linux distribution that shipped with telnet enabled and open in well over 10 years. Do you perhaps work for Microsoft or one of its partners? Maybe own some MSFT stock? Your statements are not credible.
        waltmaine
    • Will we ever learn what?

      Old OSs have vulnerabilities?

      Malware authors target OSs with 90%+ marketshare?

      What exactly are you thinking we are supposed to learn from this?
      NonZealot
    • Your time is coming

      Typical macboy/girl drivel.
      Herman Anderson
    • WE?

      TINW! And you're not speaking for ME, so "we" goes right out the window. And, you've got it all backwards I'm afraid. Let's try this one, which makes just as much sense: THEY have to learn!
      twaynesdomain-22354355019875063839220739305988
    • Win machines

      Learn what?
      compudog