A series of distributed denial-of-service attacks on American and South Korean websites have been blamed on North Korea.
The Associated Press has claimed that South Korean intelligence officials believe that North Korea or pro-Pyongyang forces in South Korea committed cyber attacks that have hit the websites.
A spokesperson for the state-run Korea Information Security Agency spoke on condition of anonymity citing the sensitivity of the information, but refused to allow the name of the lawmaker he works for to be published. Meanwhile the National Intelligence Service said it could not immediately confirm the report.
Agency spokesperson Ahn Jeong-eun claimed that 12,000 computers in South Korea and 8,000 computers overseas had been infected and used for the cyber attack and said it believed the attack was ‘thoroughly' prepared and committed by hackers ‘at the level of a certain organisation or state'.
Ahn said there were no immediate reports of financial damage or leaking of confidential national information. The alleged attacks appeared aimed only at paralysing websites, she said.
Steve Moyle, co-founder and CTO at Secerno, doubted whether North Korea had the ability to launch this devastating an attack on such a large scale despite its recent ‘aggressive' dealings with the US.
Moyle said: “The question, then, is who would plot and execute this type of strategic hit at two major world governments, as well as some very well-known companies? The answer might be found in a series of cyber attacks that US and UK government organisations endured in the middle part of this decade.
“At the time, both countries were complacent in their security measures, without realising that their actions were being monitored by entities that launched extremely targeted attacks to penetrate their systems. It took two to three years before the details and those purportedly behind the attacks were revealed outside security circles.”
Mikko Hypponen, chief research officer at F-Secure, claimed that the sites that seem to be hurt the most at the moment are FTC.GOV and usauctionslive.com, while other targets such as whitehouse.gov seem to be unaffected.
Hypponen said: “Some sources have linked this attack to the five-year-old Mydoom worm family. Here's what we know of this: a pack of sample files related to this attack has been making rounds between anti-virus labs. One of those files really is a Mydoom variant. We detect it as Email-Worm.Win32.Mydoom.hw. However, we can't find any evidence that this particular file would attack any of the targets currently under DDoS.”