WORLD> Asia-Pacific
DPRK may not be to blame for series of strategic website assaults: experts
(China Daily)
Updated: 2009-07-10 08:26

SAN FRANCISCO: Cybersecurity analysts raised doubts on Wednesday that the Democratic People's Republic of Korea (DPRK) launched recent attacks on U.S. government and Republic of Korea (ROK) websites, saying industrial spies or pranksters could be the villains.

More than two dozen websites in the US and the ROK, including that of the US State Department, were attacked in recent days. The ROK's spy agency has said the DPRK may be behind the attacks, while the US government has said it is too soon to make such claims - and Internet security experts agree.

The implications of a state-sponsored attack are severe, said SecureITExperts' Mark Rasch, who led the US Department of Justice computer crimes unit from 1983 to 1991.

Related readings:
DPRK may not be to blame for series of strategic website assaults: experts S Korea raises alert level amid cyber attack warnings
DPRK may not be to blame for series of strategic website assaults: experts ROK blames DPRK sabotage for cyber attacks
DPRK may not be to blame for series of strategic website assaults: experts DPRK eyed in cyber attack in US, ROK
DPRK may not be to blame for series of strategic website assaults: experts S Korea: cyber attacks preplanned
DPRK may not be to blame for series of strategic website assaults: experts SKorean websites hit by suspected cyber attack

"There's no difference between dropping a logic bomb and dropping a TNT bomb in the law of war," he said, but added that while the DPRK could have been behind the maneuvers, they did not appear to be coming from computers physically located in the Asian country.

"This is not something that your average 'script kitty' can do. On the other hand it doesn't require it to be state-sponsored," Rasch said.

The relatively simple "denial of service" attacks aim to overwhelm computers with requests for information. They are designed primarily to disrupt systems rather than penetrate and obtain data, analysts said. They are also difficult to trace.

The attacks could have been a "shot across the bow" by Pyongyang, the computer equivalent of its recent missile launches, but could also have been conjured up by hackers looking to make quick money or secure bragging rights.

They also could mask malicious activity like inserting spyware or malware computer programs that could later be activated, analysts said.

The attacks began on July 4.

Other analysts shied away from pinpointing the DPRK and said the attacks could be financially motivated.

"There's a trillion dollars in economic losses sustained due to hacking every year, not just financial data theft but also industrial espionage," Core Security Technologies' Tom Kellermann said.

"You're seeing a massive community of mercenaries for hire who are leveraging their computer skill sets, particularly in this global recession, the laid off IT professionals et cetera that are leveraging their attack capabilities and their technological experience to break in and out of systems."

Analysts struggled to explain why the DPRK would launch such an unsophisticated attack. Despite its financial strains, the country has a cyber warfare unit and a "hacking academy", Kellermann said.

"In our experience, state-sponsored events are under the radar," said Mandiant executive Mike Malin.

"If you were going to launch a sophisticated attack, you wouldn't warn people with this kind of attack," said James Lewis, a fellow at the Center for Strategic and International Studies. "You lose the element of surprise."

DPRK may not be to blame for series of strategic website assaults: experts

Reuters