Congressman calls for 'cyber-reprisals' against North Korea

Modern day General Ripper frets over phantom threat

A Republican congressman has urged the US to unleash a retaliatory cyber-attack against North Korea over DDoS attacks supposedly launched against US and South Korean websites.

Congressman Peter Hoekstra of Michigan, the lead Republican on the House Intelligence Committee, urged President Obama to mount a "show of force" against North Korea over its alleged role in cyberattacks last week.

Hoekstra made the call to fire up the cyber-equivalent of B-52 bombers despite absolutely no evidence that the impoverished, hard-line communist state is involved in the assault. This lack of evidence didn't prevent Hoekstra from warning about possible "cyber-geddon" if the US failed to act on last week's attacks.

If action is not taken, he said during an appearance on an American radio show, "next time they'll go in and shut down a banking system...or manipulate the electrical grid either here or in South Korea. Or they will try and miscalculate, and people will be killed."

Graham Cluley, senior technology consultant at security firm Sophos, described Hoekstra's call to cyberarms as "complete nonsense" and without any justification.

"No evidence has been produced showing that the government of North Korea are behind the denial-of-service attacks," Cluley argued. "A hacker can be based anywhere on Earth and command a worldwide botnet to bombard websites with traffic."

"If Hoekstra has been advised by internet experts that the attacks definitely came from North Korea, I would politely suggest that he finds himself some new internet experts," he added.

Alex Eckelberry, chief exec of Sunbelt Software, backs up the assessment that North Korea stands falsely accused of launching last week's assault.

"I know of not a shred of evidence that this bot is from North Korea. It would take considerable research to ascertain the original source (the relevant IPs to the malicious code are in several places — Florida and Germany)," he writes in a blog posting criticising media "hysteria" over the attacks.

Cyber-twerp

It's not the first time Hoekstra has flaunted his lack of tech savvy or apparent ignorance of information security issues in public. Earlier this year, he unwisely used Twitter whilst in a helicopter over Baghdad, potentially exposing himself and the crew to a heightened risk of attack by giving away his movement during an official visit, Sophos adds.

A later Tweet inappropriately comparing the internet clampdown in Iran to the hammering dispensed by US voters against the Republicans last year sparked even greater ridicule, and it spawned a satire blog entitled Pete Hoekstra is a Meme dedicated to tracking the Dutch-born politician's gaffes.

In contrast to Hoekstra's claims, security analysis of the attacks has revealed that they were neither potent nor sophisticated. The attack was launched from machines infected by a variant of MyDoom and never got beyond a basic PING Flood, as explained by security researcher Ariel Silverstone. Attacks that started against US hosts (affecting the FTC, FAA and Treasury in particular) on 4 July began focusing on South Korean government and e-commerce websites later last week, where they caused still more problems.

A write-up by Shadowserver containing a full list of attacked sites can be found here.

Glass jawed websites KOed by basic assault

The attacks themselves were more Dad's Army than Terminator.

Arbor Networks reckons the volume of spurious data associated with the attacks reached only 39 Mbps on average, peaking at 182 Mbps, orders of magnitude less than recent attacks.

Jose Nazario, a security researcher at Arbor Networks, describes the assault as a garden variety attack of a volume that might easily be filtered out.

Although the attack was a featherweight - rather than the heavyweight early reports might have suggested - it still leaves awkward questions about why some sites (which might be described as "having a glass jaw") were knocked out by it.

This botnet will self-destruct in seven seconds...

Earlier analysis suggested anywhere between 50,000 and 200,000 infected machines - depending on who you asked - were associated with the attack. These compromised machines were due to download a software component that overwrote data on Friday, effectively paralysing infected systems, according to a detailed analysis of the malware.

Symantec, more succinctly, describes the threat as an “old school time bomb” in its write-up here.

According to The Washington Post, the South Korean CERT is reporting that infected PCs are "self-destructing," though it's unclear how frequently this is happening. ®
