UK, Not North Korea, Is Source of DDoS Attacks
angry tapir writes "The UK was the likely source of a series of attacks last week that took down popular Web sites in the US and South Korea, according to an analysis performed by a Vietnamese computer security researcher. The results contradict assertions made by some in the US and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered." The Vietnamese security site's blog is linked from the article, but it is very slow even before Slashdotting. The researchers observed 166,908 zombies participating in the attacks — a number far larger than most earlier estimates.
Update: 07/14 21:24 GMT by KD : Wired is reporting that the UK owner of the IP address in question is pointing a finger at a server in Florida, which it says opened a VPN to the UK machine for the attacks. Once again, the attacker could be anywhere.
If true (Score:5, Interesting)
If true, this is kind of like the time the US accused North Korea of creating really authentic-looking counterfeit 100 dollar bills, and then it turned out that they are probably coming from within the US - possibly from the CIA to fund covert operations.
I hate to say it, but maybe Kim Jong Il isn't crazy when he claims the Western governments are part of a big conspiracy to falsely ruin his image (hah!)
A similar discussion occurred here on /. previously (Score:5, Interesting)
In April of this year, the NYPD accused hackers in China, and some in the government and media even accused the Chinese government of being involved, in the hacking and disruption of the NYPD computer system. However many posters in the /. comment sections of the posted story theorized that the hacking was not originating from China but rather from a hacking group operating out of New York but fooling the NYPD using 'bot herding'.
I'm not familiar with how to operate and disguise a botnet to look like you're hacking from IPs in another country; I would guess that you just infect a group of computers abroad and run a botnet from there. Here's the original post on /. with comments at threshold 4. Just scroll down and you can find posters discussing how the NYPD and U.S. government had misidentified who the hackers probably were.
http://slashdot.org/comments.pl?threshold=4&mode=flat&commentsort=0&op=Change&sid=1209793 [slashdot.org]
Here's the comment that I remembered the most where the user specifically wrote that the hackers were operating most likely within the U.S. and not in China.
http://slashdot.org/comments.pl?sid=1209793&cid=27694281 [slashdot.org]
I guess until governments learn how to trace hackers properly we are going to be seeing more and more of these stories.
Re:However.... (Score:3, Interesting)
You can't spoof an IP thru a router you don't control.
The router immediately upstream of your bot always knows where the packet came from regardless of what IP you might try to force into said packet.
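The point in the comment above is the basis of ingress filtering (BCP 38): the router closest to the sending host knows which prefixes are legitimately assigned to each customer-facing interface, so it can drop packets whose source address does not belong there, regardless of what address the sender wrote into the header. The following is an added example, not code from the article or the comment thread, that models that check in Python. The interface names, the prefix assignments (taken from the RFC 5737 / RFC 3849 documentation ranges) and the sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed edge-router configuration: the source prefixes that are
# legitimately assigned to each customer-facing interface. A real router
# would derive this from its routing table (unicast RPF) or an explicit ACL.
INTERFACE_PREFIXES = {
    "eth1": [ipaddress.ip_network("203.0.113.0/24")],
    "eth2": [
        ipaddress.ip_network("198.51.100.0/25"),
        ipaddress.ip_network("2001:db8:1::/48"),
    ],
}


@dataclass(frozen=True)
class Packet:
    """Minimal view of a packet as seen at the ingress interface."""
    ingress_iface: str
    src: str
    dst: str


def is_source_permitted(iface, src):
    """True if `src` lies inside a prefix assigned to `iface`.

    Unknown interfaces fail closed. Comparing an IPv4 address against an
    IPv6 prefix (or vice versa) is simply False in the ipaddress module.
    """
    addr = ipaddress.ip_address(src)
    prefixes = INTERFACE_PREFIXES.get(iface)
    if prefixes is None:
        return False
    return any(addr in prefix for prefix in prefixes)


def filter_ingress(packets):
    """Split packets into (accepted, dropped) per the BCP 38 source check."""
    accepted, dropped = [], []
    for pkt in packets:
        if is_source_permitted(pkt.ingress_iface, pkt.src):
            accepted.append(pkt)
        else:
            dropped.append(pkt)
    return accepted, dropped


def drop_log_lines(dropped):
    """Render dropped packets as log lines a SOC could alert on."""
    return [
        f"DROP iface={p.ingress_iface} src={p.src} dst={p.dst} "
        f"reason=source-not-in-assigned-prefix"
        for p in dropped
    ]


# Constructed sample traffic: some genuine, some with forged sources.
SAMPLE_PACKETS = [
    Packet("eth1", "203.0.113.7", "192.0.2.10"),      # genuine customer on eth1
    Packet("eth1", "198.51.100.9", "192.0.2.10"),     # forged: neighbour's prefix
    Packet("eth1", "10.0.0.1", "192.0.2.10"),         # forged: private address
    Packet("eth2", "198.51.100.200", "192.0.2.10"),   # forged: outside the /25
    Packet("eth2", "198.51.100.50", "192.0.2.10"),    # genuine customer on eth2
    Packet("eth2", "2001:db8:1::5", "2001:db8:2::1"), # genuine IPv6 customer
    Packet("eth9", "203.0.113.1", "192.0.2.10"),      # unconfigured interface
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE_PACKETS)
    print(f"accepted={len(ok)} dropped={len(bad)}")
    for line in drop_log_lines(bad):
        print(line)
```

Run as-is, the script accepts the three packets whose sources match their interface's prefixes and drops the other four. The check only works at the edge: once a packet with a forged source has been forwarded past the first router that could have verified it, no later hop has enough information to tell it apart from genuine traffic, which is why the comment's "a router you don't control" is the decisive detail.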
Regardless of Country of origin (Score:4, Interesting)
I would think once it was determined that this was not a State sponsored attack, they would stop making such a stink over what country the attacks originated from. Hacking has been going on for 20+ years now, and it has never been a real concern before on the country of origin because State sponsored hacking was such a negligible issue that it was commonly overlooked. I do understand that Russia may have sponsored attacks on Georgia, and maybe China has hacked Taiwan and vice versa, but I mean, short of a concerted Government led effort, I would take this as just another case of a botnet owner playing with his toys. Not as a sign of intra-governmental hacking as a precursor to some sort of overt warlike effort beginning.
Re:Oh? (Score:3, Interesting)
Evidence is only as good as the people obtaining it.
No, it is only as good as the number of people who will believe it.
Re:Acronym peeve (Score:2, Interesting)
British/Australian journalists might be a bit more flexible with the language. You can say 'Nato' and 'Nasa'. They've practically become words in their own right. This isn't the case for DDoS and PC though. You can't pronounce them as anything other than initialisms, which is exactly what they are. It's only an acronym if it forms a word. KGB, CIA, KFC - initialisms. LASER, SCUBA, SEAL - acronyms.