South Korea's government had advance warning of the DDOS attack in the U.S.
http://english.hani.co.kr/arti/english_edition/e_national/365242.html

The Hankyoreh
July 11, 2009

It has been revealed that the South Korean government knew in advance that the distributed denial of service (DDOS) attacks that paralyzed web sites for major institutions in South Korea and overseas had begun earlier in the U.S., but did not properly handle the situation. Analysts say this means that the government's sloppy response in effect increased damages resulting from these simultaneously occurring attacks.

According to accounts Friday from officials at the Korea Information Security Agency (KISA) and various security companies, the attacks first struck the Web sites of major government organizations in the U.S., including the White House and the State Department, last Sunday, which was July 4 (local time) or during the Independence Day holiday in the U.S. However, the attacks did not deliver much of a blow due to the swift response of U.S. security authorities. The U.S. evaded the cyber attack by boldly blocking data for which access requests were being received from zombie PCs infected with malicious code located in other countries, including South Korea.

However, while the South Korean government knew through its Computer Emergency Response Team (CERT) that major U.S. sites were suffering a DDOS attack, it considered the attack to be "something that happens all the time" and therefore, decided to not issue a warning. "The DDOS attacks that occur in one year alone in South Korea amount to dozens of cases," said Ryu Chan-ho, head of the analysis and prevention team at the KISA's Korea Internet Security Center. "We do not worry about the trivial stuff," Ryu added.

Major nations throughout the world share and respond in real time to information about cyber attacks and hacking through a network of CERTs, and despite prior knowledge, the South Korean government's belated response to the attack led to an increase in damage and confusion.
A security company official who analyzed the malicious code used in the attack says, "The zombie PCs infected with the malicious code began their attack on U.S. sites on July 5th, prior to the attacks on July 7th against 25 sites in South Korea and the U.S."

The National Intelligence Service also reported in a meeting of the National Assembly's Intelligence Committee that while "the U.S. took response measures on July 4 and did not suffer much damage, we responded on the evening of the 7th after the situation produced a situation of paralysis."

[...]