Channel: The Blogs at HowStuffWorks » north korea

South Korea Targeted by Script Kiddies, Not North Korea

If you’re a TechStuff listener, you’ve heard Chris and me talk about how it can be difficult to track down the origin of a cyber attack. If the attackers have just a few basic skills, they can route an attack through a series of servers that can make it a challenge for investigators to backtrack. Even if you track the attack back to a geographic location, there’s no guarantee the person committing the attack was doing so on any kind of official basis. It may have just been a lone malicious hacker (commonly known as a cracker) stirring up trouble.

You may have heard the news that Web servers in the United States and South Korea were hit by distributed denial of service attacks (DDoS) last week. To perform a DDoS, a cracker must first trick innocent victims into downloading malware designed to exploit security vulnerabilities in the victim’s computer. Once the cracker has access to an army of computers — otherwise known as a botnet or zombie computer army — he or she can command the computers to send thousands or millions of electronic requests to a target server. The goal is to overwhelm the target server so that it shuts down.

When last week’s attacks made the news, some people began to speculate that the origin of the attacks was North Korea. I had one listener contact me and ask if I thought North Korean hackers were responsible. I replied that I didn’t have enough information and that to guess at the origin was a bad idea because I’d bring personal bias into it. I advised that we should wait and see if security experts could get more information.

It turns out that was a good call. According to Martyn Williams at Computer World, security analysts say the attacks originated in the United Kingdom. The offending code was the MyDoom virus, which has been around for a few years and isn’t terribly sophisticated. The perpetrator may not even be a real cracker. Viral code is freely available on the Internet — you just have to know where to look. You don’t need to know how to build the code yourself. All you have to do is tweak the code a little, find a place to host the malware and convince people to download it. Hackers call people who use existing code to cause trouble script kiddies. Script kiddies often don’t know how to build code — they just want to cause trouble. It looks like these attacks weren’t part of a North Korean initiative to shake things up while testing missiles.

I think it’s very important to avoid jumping to conclusions in the wake of a cyber attack. I’ve seen editorials on the Web suggesting the United States should strike out in a cyber attack of its own against North Korea based upon the premise that the United States was attacked first. But if the attacks came from the United Kingdom and are the result of some jerk messing around on a computer, an attack on North Korea would be completely unjustified. Let’s use patience and critical thinking before we rush toward a confrontation. Surely we’ve learned by now that acting before we have all the information isn’t the best policy.

Learn more about hackers, crackers and things that go bump on the Web at HowStuffWorks.com:

How Hackers Work
How Computer Viruses Work
How Zombie Computers Work
Is cyberwar coming?
10 Worst Computer Viruses of All Time


Posted in Feature: Home, TechStuff Tagged: cyber war, DDoS attacks, distributed denial of service attacks, hackers, MyDoom virus, north korea, script kiddies, south korea, United States
