North Korea Waging Cyber Warfare?

Main Spy Agency in South Korea says North a Likely Suspect on Attacks Targeting U.S. Government Sites

(CBS/AP)  Last Updated 8:00 a.m. Eastern.

North Korea, which has been firing missiles and spewing threats against the United States, has been identified by South Korea's main spy agency as a suspect in the cyber attacks targeting government and other Web sites in the U.S. and South Korea.

North Korea is not known for its computing prowess, but experts said such attacks would be easy - and cheap - to mount by hiring outside help.

The attacks began paralyzing Web sites in the U.S. over the July 4 U.S. Independence Day holiday weekend and in South Korea on Tuesday and Wednesday.

A state official said Thursday that seven South Korean Web sites were under renewed cyber attack. Ku Kyo-young, from the state-run Korea Communications Commission, said the latest assault began around 6:30 p.m. (5:30 a.m. EDT) Thursday.

He said one of the affected sites belongs to the government, the other six are private. Some are still working normally despite the attacks.

South Korea's National Intelligence Service told members of parliament's intelligence committee Wednesday that Pyongyang or its sympathizers were believed to be behind the attacks, according to aides to two of the lawmakers. They spoke on condition of anonymity given the classified nature of the information.

The spy agency declined to confirm the information provided by the aides but said in a statement that the sophistication of the attacks suggested they were carried out at a higher level than just rogue or individual hackers.

The attacks were thoroughly prepared and appeared to have been committed by hackers "at the level of a certain organization or state," the statement said. It did not mention North Korea by name.

U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult to definitively identify the attackers quickly.

Three officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.

Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent floods of Internet traffic to paralyze Web sites in the two countries. It predicted that sites in South Korea would be targeted in a new wave of attacks from 6 p.m. Thursday, spokeswoman Hwang Mi-kyung said.

There does not appear to be any evidence that North Korea has ever made overt cyber threats. South Korean media reported in May that the North was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.

The finger-pointing at North Korea comes as the communist nation has engaged in a series of threats and provocative actions widely condemned by the international community.

In early April, Pyongyang fired a long-range rocket it said was a satellite but that landed in the Pacific Ocean after flying over Japan. Later that month it threatened to launch an intercontinental ballistic missile and in May carried out an underground nuclear test, its second since 2006.

Last month, the North threatened a "thousand-fold" military retaliation against the U.S. and its allies if provoked.

Then, on July 4, North Korea fired seven ballistic missiles several hundred miles into waters off its east coast in violation of U.N. Security Council resolutions. The launches were its biggest show of missile force since it fired seven missiles while Americans were celebrating Independence Day in 2006.

The latest missile launch came amid speculation, largely driven by a Japanese newspaper report, that North Korea might launch a long-range missile toward Hawaii to coincide with the U.S. Independence Day holiday. U.S. and South Korean defense and intelligence officials, however, said there was no evidence the North was preparing such a launch.

North Korea, an impoverished country that relies on outside aid to feed its people, is not generally regarded as being in the upper tier of cyber-savvy nations like the U.S., South Korea and Japan. Still, it has been encouraging its citizens to embrace more technology, though it's unclear how many North Koreans have access to computers and Internet access is tightly controlled.

So could the North have carried out such an attack - or hired others to do it?

"That is very possible because those attacks are not very complicated," said Andre Rickardsson, an information technology security expert at Sweden's Bitsec Consulting. "North Korea is a country that sends up rockets and builds nuclear weapons, so why not build a virus? It's not difficult."

Paul Cornish, director of the International Security Program at the Chatham House think tank in London, agreed. "You don't need to amass great armies, it can all be done covertly and cheaply," by hiring outside expertise, he said.

For that, suspicions fell on China, Iran or even organized crime.

Andrew Brookes, a defense analyst with the International Institute of Strategic Studies in London, said countries like Iran and North Korea, as well as terrorist groups, are devoting increasing amounts of resources to cyber and electronic warfare.

"They can't take the West on with conventional tactics, like big armies, big air forces or big navies. Instead, they are trying to look to cheaper activities - ballistic missiles, work in space, or cyber attacks," he said.

There is likely some collaboration between North Korea, Iran and others on cyber warfare technology, Brooke said, but added that the likeliest culprits in the attacks are small-scale computer hackers rather than hostile governments.

"The choice of targets suggests that whatever group is doing it is sympathetic to North Korea," said Gene Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security.

This could include a "for-hire criminal group paid for by North Korea or sympathizers who could be anywhere in the world, including in South Korea, China, or even the U.S," he said.

The outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the Korea Information Security Agency said.

In South Korea, 12 sites were initially attacked Tuesday, followed by attacks Wednesday on 10 others, including those of government offices, banks, vaccine firms and Web portals, agency official Shin Hwa-su said.

The targets were all sites that could be accessed by the public, including the presidential Blue House, the Defense Ministry and some banks.

The U.S. targets included the White House, Pentagon, State Department, Treasury Department, Homeland Security and National Security Agency, as well as the New York Stock Exchange, Nasdaq stock market and The Washington Post.

Kim Yong-hyun, a professor at Seoul's Dongguk University and an expert on the North, said Pyongyang is believed to have advanced computer technology because the regime has put a key focus on information technology as a way to overcome its economic difficulties.

The country's absolute leader, Kim Jong Il, has been a force behind the push, saying those who don't use computers are among the "three main fools of the 21st century," along with smokers and anyone who doesn't appreciate music.

"If North Korea is found to be behind these attacks, it could mean that it tried to show the U.S. and the South that it has not only military capabilities, but also cyber capabilities to paralyze key facilities," said Kim, the professor in Seoul.

South Korea's main opposition Democratic Party accused the spy agency of leaking unconfirmed information in an attempt to build public support for a set of anti-terrorism bills that have been pending for months in the National Assembly amid opposition objections.

The opposition party claims the anti-terror bills would give the spy agency too much power and could be used as a tool to infringe upon human rights.

Peter Sommer, an expert on cyber-terrorism at the London School of Economics, cautioned against coming to quick conclusions as any instigator would disguise where the attacks were coming from.

"Initial diagnoses are often wrong," he said.

[BurzumNazgul]

Attacks like this are very easy with an established botnet. (A botnet is a collection of computers infected with a 'bot' which is a type of virus/trojan that gives a hacker the ability to issue commands to the infected system.) Denial of Service Attacks are one of the most basic attacks. Pretty much, you flood a web site with requests so that it cannot serve legitimate requests.

All that is just to say that there are many many botnets around the world and that an individual with access to one could pull this off fairly easily with a low risk of being caught. Unlike the movies it doesn't have to be a room full of bad guys with super computers. One person can issue the command from Starbucks on a $400 laptop and sit back while the botnet does it's work.

[gravyboat4000]

Some kids got bored with their Wii.

I say, we waterboard 'em, to get their cheat codes, and stuff.

[fedupredneck]

Is everyone ready for WWIII? Its coming. We can't be the world police forever.

[zonkzilla]

All they did was clog up the public access to those agencies with emails etc. using trojans planted on computers around the world No big deal. Happens all the time. Some geeks are dancing around happy knowing they made the headlines with their pathetic actions.

[jetranger7]

Well everybody also needs to be aware and alert of any "Suspicious" E-Mails your not familar with, and also just because it says windows, doesn't mean its really a windows generated E-Mail or message, could be a secret virus attack or un-suspecting Trojan,, just because you Think you have a Security program on your Computer installed , such as mcaffee or Norton or any of those doesn't mean that they or any other hacker who knows what he's doing can't secretly overwrite a program to get in,,, and totally mess up your computer or be able to send messages or use your compter to hack into other computers,,,, so everybody needs to just take x-tra precaution and not get in a hurry to read your messages, best advice , if your not 100% sure who its from don't open it and if it looks like an advertisement,, definetly don't open it,,,,,