Over the past few days, there has been an ongoing series of denial-of-service attacks against Web sites in South Korea and the United States. The attacks began over the July 4th weekend; some of the US sites originally targeted were whitehouse.gov, the New York Stock Exchange, the Washington Post, and the Federal Trade Commission. The technique employed is called a Distributed Denial-of-Service [DDoS] attack; it employs a large number of computers, typically individuals’ PCs that have been taken over by malicious software, to flood the target sites with more traffic than they can handle. Brian Krebs of the Washington Post has a blog post about the attacks.
There have been some suggestions that North Korea has somehow orchestrated this attack. Although the suggestion is to some extent plausible, I have not been able to find any actual evidence of that from public sources. The attacks have been relatively modest in scale, and are not terribly sophisticated:
Officials and computer experts in the United States said Wednesday that the attacks, which began over the July 4 weekend, were unsophisticated and on a relatively small scale, and that their origins had not been determined.
It appears that something like 60,000 hijacked PCs are involved; again, this is not particularly large in comparison to some past attacks.
Although there is a tendency for some sections of the media to hyper-ventilate about any incident like this, I think there are a couple of things to keep in mind. First, no essential functions of the government of either the United States or South Korea have been significantly degraded. The attack is a nuisance and a problem, but not a catastrophe. The economy of the US, troubled though it is at the moment, is not critically dependent on the operation of the White House Web site. As John Bambenek at the SANS Institute puts it,
However, the key takeaway is that the governments of the US and S. Korea are still working and still operational. They do not rely on their public facing websites to work.
Second, this attack does not use any fancy new technique; it appears to be a variant of a computer worm affecting Windows PCs called “MyDoom”, which first appeared in 2004. Windows users who exercise ordinary caution (don’t click on links in unsolicited E-mail, and don’t open unexpected attachments) and have reasonably up-to-date anti-virus software probably have little to worry about.