Reliable Security Information


The Pathetic War: South Korean and US websites suffer cyberattack

Imagined sigint from the front lines:


North Korea: We'll make a handful of your websites load slow!


South Korea: Just wait! Once we get our electromagnetic pulse bomb to work at a range of greater than ten yards ...


North Korea: Your EMP-bomb building scientists have nothing on our selfless warriors. They can modify a five-year-old computer virus as well as Internet script kiddies -- or maybe even a little better! Tomorrow we strike your Imperialist puppet-master pigdogs at dot.gov as another example that you are powerless! Powerless!


South Korea: Our electromagnetic pulse (EMP) bombs, if exploded, will jam and damage your defence systems! Then you will not be able to rewrite more computer viruses!


North Korea: Tomorrow we will inflict more merciless retribution and pounding on your decadent overlords as well as make the website of your evil Ministry of Agriculture to load slow, if maybe at all. IT staff will be made to work overtime!

What to do about The Pathetic War or "Who Should We Bomb Now?"


"I don't think this kind of attack merits the use of force," Kristin Lord, a natsec expert at the Center for a New American Security, told Associated Press.


Yes, it is sensible to agree that making websites run slow, or sometimes not at all, does not rise to the level of war-like provocation. If it did, the US would have to declare war on someone or some collection of computer viruses several times a day, every day.


"If you shoot back at the computers that actually launched the attack, then you're hitting third parties who probably don't even know they were involved," James Lewis, from the Center of Strategic and International Studies, told AP.


"And if you go out over the networks to strike back at Pyongyang, how can you be sure you're not accidentally going to also take down Japan at the same time? You could end up shooting the wrong guy."


And you could wind up compelled to shoot your foot (or at least a big toe), too.


The US-CERT (Computer Emergency Readiness Team) memo, "Distributed Denial of Service Attack Against US Websites" for the July 4 weekend lists "command and control servers" identified with the attack.


The breakdown looks like this:


Belgium: 2
Canada: 3
China: 6
France: 2
UK: 3
Guatemala: 1
Indonesia: 1
Japan: 22
South Korea: 5
Mexico: 1
Holland: 2
Pakistan: 1
Russia: 1
Turkey: 1
Taiwan: 6
US: 27


If readers review an older piece on cyberwar-retaliation at el Reg, one written by this author, not everyone will be on board with restraint, moderation and good sense. Keep in mind, this article was written as a bit of dry satire.


However, that was also well before the triumph of The Pathetic War in the mainstream news.


In any case, the pertinent section, where someone had recommended decisive retaliation:


When it comes to carpet-bombing a foreign country's cyberspatial infrastructure, the proper intelligence will be important, reasons [a US military man]. But no capability should be particularly restricted by details. If the US blows some puny country off the Internet and it turns out that their computers were only being used by others, the retaliation will have had, in any case, a warning effect. After all, a weapon has no deterrence if you keep it a secret. And besides, they'll probably have had it coming.


"Brute force has an elegance all its own," the man [said].


And so someone has already gone ballistic.


"Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a 'show of force or strength' against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this week," read Wired News.




The Pathetic War and what it means for you!


The North Korean 'cyberattack' was linked to a new version of the old MyDoom computer virus, which dates from 2004 or so. The virus, which commandeers infected computers, has a long history. (Also see here.)


The list of the sites 'attacked' in the cyberwar is here, at Panda.


The list of sites to be attacked, extracted from the new version of the MyDoom virus, can be seen here.


In another manner of speaking, that's close enough for initial government work.


And it indicates that just about anyone, or any group, could have done this with relative ease, rewriting computer viruses to do your bidding being not much of a feat of arms in cyberspace. The good news is that if it actually is a North Korean operation, then it is the very definition of pathetic, placing the rogue state firmly in the ranks of every other bad actor or organization feverishly rewriting computer viruses, locked into an arms race with the security industry. And if it's a usual hacker/virus-writer doing something NK sympathetic and wishing to show how the Great Satan can be struck, it's also not much to get excited over.


This raises the philosophical question: What happens if the newsmedia doesn't notice when you launch a cyberwar?


Does it still make a mighty sound?


Another matter that the advent of The Pathetic War asks us to address is one of perspective.


Is The Pathetic War worse than spammers filling up Net comment sections and filters with crap filled with links aimed at downloading even more nasty code onto you, aimed at getting into your wallet?


Was The Pathetic War worse than twenty sites actively contaminating Twitter (a site many people use, in contrast with -- say -- dot.gov on the 4th of July weekend) with rewritten variants of the Koobface worm aimed at downloading still more malicious software to the regularly victimized?


Which is worse with respect to affecting the security of American citizens, The Pathetic War or the $235 million in bonuses to be paid anew to employees of AIG's financial products division?


These aren't trick questions.



Updated


This just in from the People's Ministry of Pathetic War


"A North Korean army lab of hackers was ordered to 'destroy' South Korean communications networks -- evidence the isolated regime was behind cyberattacks that paralyzed South Korean and American Web sites -- news reports said Saturday, citing an intelligence briefing," read an AP wire news story today.


"[SK lawmakers were told Friday] that a research institute affiliated with the North's Ministry of People's Armed Forces received an order to 'destroy the South Korean puppet communications networks in an instant' ... "


George Smith also blogs here.

 