Investigation of government DDoS attacks deepens

Share this article:
After much speculation that North Korea was responsible for the cyberattacks against U.S. and South Korean websites, new evidence shows that the attacks trace back to a "master server" in the U.K.

But a cybersecurity expert in the United States warned that before declaring the case closed, it would be wise to consider whether the master server was compromised and controlled by someone else.

Vietnamese security vendor, Bach Khoa Internetwork Security, reported in a blog post on Tuesday that it analyzed a sample of the malware used in the attacks, said to be a variant of the MyDoom worm. The researchers were able to trace the sample, provided by the Korean Computer Emergency Response Team, back to eight command-and-control servers connected to a master server based in the U.K.

By gaining control of two of the eight command-and-control servers, the researchers were able to analyze their logs and find the IP address of the master server they were being controlled by, they said.

“Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker,” Bach Khoa said in its blog post.

But Marcus Sachs, director of the SANS Internet Storm Center, said this does not necessarily mean the attack was launched by someone in the U.K.

“Just because a ‘master' has an IP address registered in the U.K. does not mean that a person in the U.K. is behind it all,” Sachs told SCMagazineUS.com in an email Tuesday.

It is possible that whomever is responsible for the attacks is leveraging other compromised machines, located outside of the U.K., to give the master its instructions, Sachs said.

In its analysis, Bach Khoa also found that 166,908 compromised machines from 74 countries were used to launch the attacks. Formerly, cybersecurity researchers believed that up to 60,000 zombies were used in the attack. Most of the offending machines were located in South Korea, the United States and China.


Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.