Was North Korea behind the DDOS attack?

North Korea's name first came up earlier this week when government officials in the U.S. and South Korea started pointing fingers

The cyberattacks that took down prominent U.S. and South Korean Web sites in the last week have apparently ended but the search for those responsible is only just beginning. North Korea has emerged as a likely culprit, especially among politicians, but was it really behind the attacks?

The country makes a convenient target for blame. After the six-nation talks broke down, the country reneged on its pledge to halt nuclear development and has been rattling the cages of the U.S. and South Korea with a nuclear test and several short and medium-range missile launches. The latest launches, of seven missiles, were taking place as the cyberattacks began on prominent U.S. Web sites on July 4 -- the country's Independence Day holiday.

North Korea's name first came up earlier this week when government officials in the U.S. and South Korea started pointing fingers, but none was willing to go on the record -- typically a hint that the information might not be proven. Nevertheless, the reports gave added validity to the notion that North Korea was behind the DDOS (distributed denial of service) attacks and the suspicion began to feed off itself and grow.

On Friday, South Korea's National Intelligence Service (NIS) said in a private briefing for lawmakers that a division of the North's army was to blame, according to attendees quoted by local media. The NIS has yet to make a public statement on the matter.

Security researchers aren't so sure.

"The timing is auspicious, but none of the data I have suggests North Korea," Jose Nazario, a senior security researcher at Arbor Networks, told CSO earlier this week. Joe Stewart, director of director of SecureWorks' counter-threat unit, told Computerworld, "There's nothing in there to suggest that it's state sponsored."

"Still zero evidence of North Korean involvement," said Stewart when contacted Friday for an update.

Could North Korean even launch such an attack?

The country is generally technically backward. There are just over a million telephone lines installed in the country of 26 million people, home PCs are rare and Internet access is heavily restricted, but advancing in IT has been one of the nation's prime goals since supreme leader Kim Jong-Il made it so at the turn of the century.

Most of North Korea's IT expertise is centered on the Korea Computer Center, Kim Il Sung University and Kim Chaek University of Technology. There, students study computer programming, have limited Internet access and, according to some experts, are fed into the Kim Il-Sung Military Academy where they receive specialist cyberwarfare training.

Those who've seen North Korea's IT expertise have been generally impressed by its level of sophistication. In a report in 2004 South Korea's Defense Ministry warned that North Korea was training as many as 600 hackers and its level of competence had already reached that of advanced countries.

North Korea's sophistication in hacking makes it less likely to be behind the attacks, said some researchers. The code used in the attacks was based on the MyDoom virus from several years ago and there's no attempt to get around antivirus software -- surely something an attack by knowledgeable programmers would do.

Even if it was behind the attacks, spotting North Korean Internet traffic can be a tricky business.

While the country has its own block of IP (Internet Protocol) addresses, none of them are apparently in use and the few North Korean Web sites that exist on the Internet are almost all located in China or Japan.

Instead, connectivity for the country comes via connections to Chinese providers and that would make the traffic appear as Chinese. It would only be with more careful analysis of the individual addresses in use that it might be possible to suspect North Korean data.

To date there's no hard evidence of where the attacks came from, so no party can be ruled out. The governments of other nations, which are almost certainly all involved in the same, murky world of cyberespionage, do their best to hide their tracks, so why wouldn't North Korea do the same?

The true origin of the week's attacks is likely never to be known, but one thing's for sure: As the world comes to rely more and more on the Internet and computers, they won't be the last.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags north koreaddos

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Martyn Williams

IDG News Service
Show Comments


James Cook University - Master of Data Science Online Course

Learn more >




Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?