Have recent cyberstrikes inadvertently kicked off a new Cold War? (IMG:J.Anderson)
The news of a cyberstrike aimed at South Korea and the United States has spread like wildfire since the Associated Press report hit the news wires. The popular target to blame is North Korea, however only South Korean officials make those charges, U.S. officials are remaining silent. If you take the political tension with North Korea into account, could these cyberattacks kick off another Cold War?
For those who remember, the Cold War started in the 1940’s and lasted until the early 1990’s. Russia and the United States engaged in espionage, propaganda, and an arms race that included conventional and nuclear weapons, leading to technological weapons developments that we are just now starting to see in the public. The parallel is technological advancement. The arms race has been replaced by bandwidth and application development on a grand scale, and the players are larger too, North Korea, China, small groups in Russia, South Korea, as well as nations in the Middle East.
It started on July 4. Most of the U.S. was celebrating Independence Day by blowing things up and holding cookouts. Online, Internet properties owned by South Korean government agencies and private companies started to slow to a crawl, and eventually would go offline altogether. Likewise, at the same time, the U.S.-based Internet properties such as the Treasury Department, Department of Transportation, the FTC, and the White House, as well as the NYSE, Nasdaq, Washington Post, and Amazon were targeted by what is being suggested as a coordinated Distributed Denial of Service (DDoS) attack launched by North Korea.
Ahn Jeong-eun, a spokeswoman at the Korea Information Security Agency, said the U.S. and South Korean attacks appeared to be linked. U.S. officials would not comment on how the government sites were impacted. In addition, they would not publically confirm or deny North Korean involvement. Similar attacks in the past were blamed on China, the U.S. took the same stance there officially, but members of Congress were quick to point fingers. South Korean lawmakers were quoted as saying that South Korea's intelligence service believes North Korea or its sympathizers may have staged the attack.
“This is not a simple attack by individuals. The attack appeared to have been elaborately prepared and staged by a certain organization or state,” Seoul's National Intelligence Service (NIS) said in a statement to the AFP. "The only site that was hit pretty bad [in the U.S.] was the Federal Trade Commission, ftc.gov," said Johannes Ullrich, CTO for SANS Internet Storm Center, when speaking to the AFP
Two U.S. sites had major performance issues for a number of days, reports Keynote Systems, Inc, the FTC, and Department of Transportation. A number of additional U.S. sites have had intermittent issues the last few days, Keynote added.
According to their data, FTC.gov went offline on July 5 at 9AM (EST). It was completely down July 6 at 8PM EST. As of July 8, FTC.gov “continues up to this hour to have major issues though not [100 percent] down.” Department of Transportation, which has had no issues since it came back online July 6, suffered over 30 hours of downtime.
IDG News said an unnamed source told them the attacks directed as much as 20 to 40 gigabytes of bandwidth per second during their height. They have since settled down to about 1.2 gigabytes per second. This is a massive amount of traffic. The attack was caused by 12,000 computers in South Korea and 8,000 across the globe, NIS and U.S. authorities say. This number is reported to be much higher according to Symantec who counts 50,000 hijacked systems, and the Washington Post says 60,000. The numbers don’t matter however, what matters is that they were used in an attempt to flood networks in Internet properties with so much traffic that they simply fell offline and it worked.
Yet, it didn’t work. Not like expected.
Next: Malware and what could be the launching point in a new Cold War
The attackers targeted so many sites that the bots were spread too thin SecureWorks’ Joe Stewart said. “This looks like an attack designed to draw attention to itself, rather than to actually try to take these sites offline.” Adding to this is his assessment of the code used in the botnet, which as it updated, added more and more sites to the attack list. “There's nothing in there to suggest that it's state sponsored. In fact, it looks like every other bot I see created by an intermediate programmer.”
Attacks on U.S. networks are far from rare according to a Department of Homeland Security spokesperson who told the AP that there were 5,499 known breaches of US government computers in 2008, up from 3,298 the previous year. "We see attacks on federal networks every day,” the spokesperson said in a statement. “[There are] measures in place have minimized the impact to federal websites.” As mentioned only the FTC and DOT sites suffered the bulk of the attack, the disbursement of traffic cause other sites to slow but not fall.
“The motivation behind this most recent wave of attacks is still unclear, but this demonstrates the need for governments and businesses to make cyber security a priority. We can expect even more attacks in the future given the vast availability of cyber resources and the creativity of cyber criminals,” said Thomas Gann, McAfee VP of Government Relations.
So what caused these attacks? DDoS attacks simply do not fall from the sky. The answer is Doom, or MyDoom to be exact, a family of Malware that has existed since 2004. MyDoom could have infected the systems used in the attacks by any number of means. The Malware is known to spread in drive-by-download attacks, email, as well as embedded in pirated software.
"The DDOS attacks are what have been talked about most so far, but there was a quieter malware attack vector that was also launched against all of these agencies. What most people don't realize is that our government networks are attacked on a much more frequent and substantial level than organizations in the private sector and their defenses have to be up to the task…,” said Chad Loeven of Sunbelt Software.
Loeven has a point, and the recent initiatives in Congress and policy from the White House agrees with him. These types of incidents are exactly why the Obama administration is pushing for hard reform on cyber policy, security being the top initiative.
Back to the original question, will these attacks spark a new Cold War? Criminals latch on to everything, from news and current events to popular search terms, in order to spread Malware. On some levels these attack vectors border on propaganda. Take the Malware and other criminal scams linked to the 2008 elections, they attacked both sides and used misinformation and other means to get victims to visit a malicious site or execute software so that it could infect their systems.
When it comes to espionage, Malware can cover that too. There have been several examples of this in recent news. Information stealing Trojans, which were looking for stored FTP passwords, used the hijacked information to compromise thousands of legit sites online. Banking related Trojans aim at capturing financial related details from their victims. When it comes to spies and government, the same Malware that can attack you at home, can attack a government computer and steal more sensitive information.
The arms race scenario is present as well. There are two sides to this issue, one is the criminals who will look at current protections and invent ways for the Malware to circumvent them. On a governmental level, there are whole divisions that have been created for cyber defense; is it really a stretch to assume there are divisions for offense as well? Keep in mind that in 2008, the Air Force was pitching ideas to create their own botnet for cyber warfare.
As new defenses are developed, criminals will create ways to circumvent them. It escalates, and as stronger defenses are developed to match stricter policy, the criminals react and create damaging attacks and Malware to surpass the tech advances in defense. This cycle goes on and on, it has for decades now. Yet, because politics is getting into the mix, and world powers want to play the game as well, things will get bigger and better, on both sides of the equation.
Will this new attack spark a Cold War? It already has, but we’re just now starting to see actionable proof.
Page 3 contains a list of known domains involved in the attack.
As of July 8, these are the sites that MyDoom has singled out for attack:
[List sent to The Tech Herald by Lumension]
From our Other Sites
This Japanese guy cooks up some pancakesâ€¦nothing special there right? Well he uses tiny implements to do it and makes perfect little pancakes. Kinda cool and they look tasty!
Well this one has been trending all over the web, just what color is this dress? It all started in Scotland when the mother of a bride-to-be sent a picture to her daughter asking what she thought of the dress. The bride and groom each saw the image differently, this then got posted online and picked up by some viral sites. The lighting in photo is probably causing different people to see it as either white and gold or blue and black. Prof Stephen Westland, chair of color science and technology at a University in the UK told the BBC that it was impossible to see what other people see but that it was most [â€¦]
Some great shots of the forthcoming McLaren 675LT. This coupe will get you to 60mph in less than 2.9 second and go all the way to 205mph.
McLarenâ€™s 675LT will debut at this yearâ€™s Geneva show and promises some eye-popping performance. The coupe only 675LT has a 3.8 liter V8 that will get you from 0-60mph in less than 2.9 seconds and to 124mph in less than 7.9 secondsMore than a third of the parts have been changed compared with its stable mate [â€¦]
Some cool McLaren 675LT Wallpaper. The McLaren 675LT is the latest coupe to come from the supercar maker and has a top speed of 205mph.Click on an image to open a page with multiple sizes that you can download to use as wallpaper for your mobile or desktop.More McLaren Wallpaper.
This crab is minding its own business searching the rock pools for food when suddenly an octopus leaps out of the water and grabs it. The amazing thing is that the octopus does not just jump on the crab it actually pulls it all the way back to the rock pool it came from. If you check the second video you will see it is not unknown for octopus to come out of the water and the one in the second video has a crab with it, though is not hunting one! Octopus Walks on Land at Fitzgerald Marine Reserve The video was taken by Porsche Indrisie in Yallingup, Western [â€¦]
This image by the Curiosity Mars rover is not exactly your typical selfie. It is made up of a bunch of images taken by the rover during January 2015 by the Mars Hand Lens Imager. This (MAHLI) camera is at the end of the robotâ€™s arm. For a sense of scale the roverâ€™s wheels are about 20 inches diameter and 16 inches wide. Check the annotated image below for more information on the surroundings. Also if you really want to see some detail click this very large image, 36mb, at NASA.
This cool video from NASA shows how dust is transferred across the Atlantic to the Amazon rainforest and helps nourish the plants growing there. For the first time scientists have measured the amount of dust and the amount of phosphorus in the dust. The later acts like a fertiliser and helps replenish the phosphorus the rainforest loses each year, around 22,000 tons. Amazing how something we perceive as being desolate like a desert actually has an important role in sustaining somewhere we see as teeming with life. Image and video from NASAâ€™s Goddard Space Flight Center.
This amazing video shows a laser guided bomb bouncing back up after hitting its target. We actually think this is a non-explosive bomb designed to test guidance systems but it is still pretty remarkable and somewhat scary.
This amazing footage taken from the CCTV on a passing bus shows the moment two pedestrians in South Korea fall down a sinkhole in the street! Rescue workers managed to save the pair, who were treated in a nearby hospital for minor injuries. According to reports the city authorities and the Korean Geotechnical Society are looking into the cause.