[ISN] South Korea's government had advance warning of the DDOS attack in the U.S.

From: InfoSec News <alerts_at_private>
Date: Mon, 13 Jul 2009 01:07:31 -0500 (CDT)
http://english.hani.co.kr/arti/english_edition/e_national/365242.html

The Hankyoreh
July 11, 2009

It has been revealed that the South Korean government knew in advance 
that the distributed denial of service (DDOS) attacks that paralyzed web 
sites for major institutions in South Korea and overseas had begun 
earlier in the U.S., but did not properly handle the situation. Analysts 
say this means that the government's sloppy response in effect increased 
damages resulting from these simultaneously occurring attacks.

According to accounts Friday from officials at the Korea Information 
Security Agency (KISA) and various security companies, the attacks first 
struck the Web sites of major government organizations in the U.S., 
including the White House and the State Department, last Sunday, which 
was July 4 (local time) or during the Independence Day holiday in the 
U.S. However, the attacks did not deliver much of a blow due to the 
swift response of U.S. security authorities. The U.S. evaded the cyber 
attack by boldly blocking data for which access requests were being 
received from zombie PCs infected with malicious code located in other 
countries, including South Korea.

However, while the South Korean government knew through its Computer 
Emergency Response Team (CERT) that major U.S. sites were suffering a 
DDOS attack, it considered the attack to be "something that happens all 
the time" and therefore, decided to not issue a warning. "The DDOS 
attacks that occur in one year alone in South Korea amount to dozens of 
cases," said Ryu Chan-ho, head of the analysis and prevention team at 
the KISA's Korea Internet Security Center. "We do not worry about the 
trivial stuff," Ryu added. Major nations throughout the world share and 
respond in real time to information about cyber attacks and hacking 
through a network of CERTs, and despite prior knowledge, the South 
Korean government's belated response to the attack led to an increase in 
damage and confusion.

A security company official who analyzed the malicious code used in the 
attack says, "The zombie PCs infected with the malicious code began 
their attack on U.S. sites on July 5th, prior to the attacks on July 7th 
against 25 sites in South Korea and the U.S." The National Intelligence 
Service also reported in a meeting of the National Assembly's 
Intelligence Committee that while "the U.S. took response measures on 
July 4 and did not suffer much damage, we responded on the evening of 
the 7th after the situation produced a situation of paralysis."

[...]



Received on Sun Jul 12 2009 - 23:07:31 PDT
