Monday, July 20, 2009

Cyberstrikes Originated From Britain, Not North Korea, Say Experts

By Bobbie Johnson, San Francisco
Wednesday 15 July 2009 02.34 BST
Courtesy Of The Guardian

A recent wave of cyber attacks that crippled thousands of computers and websites in the United States and South Korea could have originated from inside Britain, experts have warned.

According to security researchers in Vietnam, the source of last week's string of attacks by the Mydoom virus - which overwhelmed systems belonging to the US Treasury and the office of the South Korean president Lee Myung-Bak - can be traced to the UK.

"We have analysed the malware pattern that we received," said Nguyen Minh Duc, a director of Vietnamese security company BKIS, in a post on the company's blog. "We found a master server located in the UK."

Investigators said they had discovered new details on how the strikes took place by investigating and tracing back the attacks.

According to BKIS, infected computers had tried to contact one of eight so-called command and control servers every three minutes. These machines then gave instructions to the hacked PCs - generally ordering them to direct traffic straight at victim websites, in an attempt to overload them and force them to crash.

But these eight servers were themselves being controlled by a single source, which evidence indicated was located somewhere in Britain.

"Having located the attacking source in UK, we believe that it is completely possible to find out the hacker," wrote Nguyen. "This of course depends on the US and South Korean governments."

The findings contradict some earlier reports that the surge in attacks may have been coordinated from North Korea, a theory largely driven by intelligence reports presented to the authorities in Seoul.

Despite the news, government officials in South Korea are still trying to ascertain whether the strikes actually originated in the UK - or whether Britain was simply being used to screen the true location of those behind the attacks.

"We don't know that the attackers were actually based in Britain, or mainly hacked a British IP address and used it for delivery," an official from the Korean Communications Commission told the Korea Times.
