Investigation of government DDoS attacks deepens

Share this article:
After much speculation that North Korea was responsible for the cyberattacks against U.S. and South Korean websites, new evidence shows that the attacks trace back to a "master server" in the U.K.

But a cybersecurity expert in the United States warned that before declaring the case closed, it would be wise to consider whether the master server was compromised and controlled by someone else.

Vietnamese security vendor, Bach Khoa Internetwork Security, reported in a blog post on Tuesday that it analyzed a sample of the malware used in the attacks, said to be a variant of the MyDoom worm. The researchers were able to trace the sample, provided by the Korean Computer Emergency Response Team, back to eight command-and-control servers connected to a master server based in the U.K.

By gaining control of two of the eight command-and-control servers, the researchers were able to analyze their logs and find the IP address of the master server they were being controlled by, they said.

“Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker,” Bach Khoa said in its blog post.

But Marcus Sachs, director of the SANS Internet Storm Center, said this does not necessarily mean the attack was launched by someone in the U.K.

“Just because a ‘master' has an IP address registered in the U.K. does not mean that a person in the U.K. is behind it all,” Sachs told SCMagazineUS.com in an email Tuesday.

It is possible that whomever is responsible for the attacks is leveraging other compromised machines, located outside of the U.K., to give the master its instructions, Sachs said.

In its analysis, Bach Khoa also found that 166,908 compromised machines from 74 countries were used to launch the attacks. Formerly, cybersecurity researchers believed that up to 60,000 zombies were used in the attack. Most of the offending machines were located in South Korea, the United States and China.


Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.