[ISN] Root-Server Attack Traced to South Korea, U.S.

From: InfoSec News (isnat_private)
Date: Fri Nov 01 2002 - 01:10:29 PST

    Forwarded from: William Knowles <wkat_private>

    By Brian Krebs
    washingtonpost.com Staff Writer
    Thursday, October 31, 2002

    Last week's attacks on the Internet's backbone likely emanated from
    computers in the United States and South Korea, FBI Director Robert
    Mueller today said.

    "The investigation is ongoing," Mueller said at an Internet security
    conference in Falls Church, Va. He did not offer more details on the
    investigation, nor did he outline the evidence investigators have
    gathered so far.

    Last Monday, a distributed denial of service (DDOS) attack struck the
    13 "root" servers that provide the primary road map for the Internet.
    A subsequent and possibly related attack targeted the "name" servers
    that house Internet domains like dot-com and dot-info.

    East Asia is a major source of cyber crime and computer attacks, in
    part because of the relatively high number of broadband users in the
    region's countries. High-speed Internet service is essential to DDOS
    attacks, in which hackers use dozens -- and often hundreds -- of
    commandeered computers to overwhelm targeted networks with a flood of
    Internet traffic. South Korea boasts nearly as many broadband users (8
    million) as the U.S. and has more broadband connections per capita
    than any other country.

    "We've tracked a total of at least 80,000 zombie machines in South
    Korea that are trivially exploitable and usable for these kinds of
    attacks," said Johannes Ullrich, chief technology officer for the
    Internet Storm Center, which tracks the source and type of
    cyberattacks worldwide. "These are machines that have ready-made back
    doors that allow them to be used to target other networks."

    According to several recent studies, only the United States surpasses
    South Korea as an origin of computer attacks.

    Such statistics don't necessarily prove the actual source of cyber
    attacks, since attackers frequently can mask their identities and
    But armed with the right technology, investigators can frequently
    identify the Web addresses of computers used to issue or direct the
    zombie computers to attack their target, said Alan Paller, research
    director for the SANS Institute, a nonprofit computer security
    research and training group.

    "Investigators can often trace these attacks with the right kinds of
    tools," Paller said. "This kind of tracing can be hard to do during
    the attack, but can often yield results after the fact."

    Mueller's remarks today came in a speech in which he encouraged
    private industry to cooperate with law enforcement in fighting cyber
    crime. He also discussed his agency's likely role in cyber security
    under a newly formed homeland security agency.

    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org