Cyberattacks against US, S. Korea signal anger – not danger

The strikes aim to make a high-profile political point, not inflict widespread damage.

Employees of the Korea Internet Security Centre work to protect against hacker attacks in Seoul Wednesday, the day that South Korean authorities issued a cybersecurity warning after the Web sites of government agencies and financial institutions were disabled by apparent hacker attacks, possibly linked to North Korea.

Lim Hun-Jung/Yonhap/REUTERS

July 9, 2009

Think Boston Tea Party, not the Battle of Bunker Hill, when it comes to the latest cyberattack against South Korean and American websites.

The type of attack involved – a "distributed denial of service attack" (DDOS) – is neither terribly sophisticated, nor, in this case, particularly damaging, say cybersecurity experts. The effort and impact rank lower than other high-profile international DDOS incidents over the past three years, such as in Estonia and Georgia.

More worrisome attacks tend to be stealthy, and involve breaking into machines and either taking information or taking control. Denial of service attacks often have the opposite goal: to make a highly visible political point.

Militaries around the world are pouring more resources into cyberwarfare, including the US, which inaugurated a first-ever cybercommand last month.

But not all cyberattacks – even ones potentially launched by governments – are best thought of in terms of warfare. The attacks on Estonia and South Korea, for instance, might best be thought of as the 21st-century equivalent of banging a shoe at the United Nations.

"These are more like protests in the street, where an angry mob might burn you in effigy," says Jose Nazario, a cybersecurity expert with the Boston-area Arbor Networks. "If your motives are to register your frustration or anger, this is very commonly used throughout the world to do that."

Why N. Korea is suspected

These types of attacks are so easy to pull off that rival hackers – Israeli and Arab, Chinese and Japanese – often launch them as expressions of jingoism. The attacks on Estonia, Georgia, and now South Korea and the US have splashed into the headlines because of suspicions that a government ordered the attacks against a rival state.

In this case, the suspicion falls on Pyongyang, for no other reason than the selection of targets and the timing, says Mr. Nazario. The attacks began July 4, coinciding with North Korea's launch of missiles in a show of international defiance. Nazario says the attacks are still continuing: "We are trying to figure out what the next wave will look like."

He and others are also trying to trace the origins of the attacks, spread by a variant of the years-old MyDoom virus. But it's notoriously hard to do that.

"We need to take into consideration that somebody's kid across the world can cause us [this kind of] trouble, so we have to treat this as an international problem," says Gadi Evron, a former Israeli government Internet security monitor who now consults in Israel. He helped Estonian officials deal with their 2007 cyberattack. "I don't think we should think of it as a military thing, period."

The notion of retaliation also strikes Mr. Evron as problematic.

Not only is it difficult to establish whom to blame, a counterattack along the same lines simply harms the whole Internet. In many cases, that means a counterstrike in kind would harm the more developed economy involved.

"We cannot afford to create this situation, they can," he says.

Cyberattacks to sow confusion ahead of military action?

That's not to say there are no real cybersecurity threats worthy of military attention, say Evron and others.

"There is a lot of strategy discussion surrounding whether [a cyberattack] would amount to an act of war, but this particular attack did not meet any of these thresholds, by any means," says Johannes Ullrich, the head of research at the SANS Internet Storm Center based in Bethesda, Md.

The cyberattack on Georgia was followed in short order by a conventional military invasion by Russian forces.

In the future, such denial of service attacks could be more closely timed with the rolling of tanks to knock out communication systems and sow confusion.

Then, too, the choice of DDOS targets could become more dangerous.

Many of these attacks so far, including this latest, have shut down government websites that serve little more than propaganda purposes.

As countries begin to rely more heavily on their Internet infrastructure for critical communications and utility systems, however, the shutdowns could be more devastating.

"When these guys figure out where the vulnerable or interesting points are, and point their weaponry there, then [militaries] are going to be concerned about that kind of thing," says Nazario.
