Attacks against South Korean government websites could have suddenly become a lot more threatening than previously thought, after McAfee Labs claimed they could have been North Korean cyber war drills. As Reuters reports, Dmitri Alperovitch, the company's vice president of threat research, raised these thoughts on behalf of the company. Alperovitch believes that these attacks may be more significant to national security than those of Anonymous and LulzSec, as he believes they were internet reconnaissance missions intended to test the impact of cyber weapons should they be used in a war. His wording was as follows:
“This stuff is much more insidious and much more dangerous to national security than what Anonymous is doing.”
The claim was made in a technical analysis of software used in March 2011 against South Korean websites. The attacks were ‘denial of service’ attacks, which overwhelm websites with traffic to shut them down. The official stance of McAfee is that the botnet army used to overwhelm the South Korean websites was likely built by infecting healthy computers with the malicious software needed. This was likely done using a popular South Korean file-sharing website, and allowed the computers to be added to a botnet.
The botnet acted as an army of computers, controlled from a “command and control center”, and was put into action on March 4th. The Neowin article on the event can be read here. The botnet attacked around forty websites in South Korea. According to Alperovitch:
“It was a very rapid operation – very constrained with specific goals. The intent was to see what level of damage you can do in a very rapid time period.”
The hackers responsible for the organized attack against the South Korean websites were clearly prepared, having encrypted their software to prevent it from being studied. It was also designed to destroy itself and its host computer ten days after the March 4th attack. It is extremely unusual for botnet herders, as they are known, to instruct their army of infected computers to turn against itself. Typical herders try to retain their ‘army’ for as long as possible to perform other tasks. Alperovitch believes they worked in this manner to keep authorities from ascertaining the purpose of the attack. Should a conflict ignite between the two notoriously hostile countries, these cyber-war strikes could be the attacks of the future. They were apparently intended to test the strength of South Korean websites.
The attacks against South Korean websites happened in both July 2009 and March 2011. Relations between North and South Korea are incredibly fragile, and each frequently threatens to instigate a war against the other. In March 2010, the Cheonan warship was destroyed by a North Korean torpedo, fired from a Yeono-class miniature submarine, on the border with North Korea. In November 2010, the North Korean army fired rounds of artillery into South Korea-controlled Yeonpyeong Island, on the western border of the two countries. The attack caused around twenty reported injuries and the death of two South Korean soldiers. North Korea was threatened with “enormous retaliation” if it continued its attacks.