Despite evidence that a British company's servers unleashed a recent wave of cyberattacks against U.S. and South Korean government and commercial Web sites, cybersecurity experts say it's hard to find a smoking gun in cyberspace's murky environs.
A South Vietnamese security company, according to the U.K.'s Times Online, traced the distributed denial of service (DDoS) attacks to a server at Brighton-based Global Digital Broadcast at the behest of the South Korean government.
But even the Korea Communications Commission isn't sure that server is where the attacks originated.
"The (British) server appears to have controlled compromised handler servers" which spread viruses, Park Cheol-Soon, a network protection team leader of the government-run communications commission, told Agence France Presse. "However, it needs more investigation to confirm whether this server was the final attacker server or not."
South Korea originally blamed the cyberattacks on North Korea, and servers in Miami and New Jersey have also been implicated in the cyberattack. The finger-pointing and the various servers allegedly used have only added to the confusion.
As The New York Times pointed out yesterday, there's a reason for that: on the Web, it's relatively easy for all but the most amateurish of cyberattackers to shield where the attack originated.
Cyberwarfare specialists cautioned this week that the Internet was effectively a “wilderness of mirrors,” and that attributing the source of cyberattacks and other kinds of exploitation is difficult at best and sometimes impossible. Despite the initial assertions and rumors that North Korea was behind the attacks and slight evidence that the programmer had some familiarity with South Korean software, the consensus of most computer security specialists is that the attackers could be located anywhere in the world.
“It would be incredibly difficult to prove that North Korea was involved in this,” said Amrit Williams, chief technology officer for Bigfix, a computer security management firm. “There are no geographic borders for the Internet. I can reach out and touch people everywhere.”
According to the Times, the only hope of tracing this cyberattack back to its authors is if they got sloppy, which is exactly what security researchers believe. First, the botnet of compromised computers only numbered around 50,000—small by professional botnet standards. Second, researchers say the program written to command the zombie network of computers was indeed amateurish.
Jose Nazario, manager of security research at Massachusetts-based Arbor Networks, told the Times last week, “The code is really pretty elementary in many respects .... I’m doubting that the author is a computer science graduate student.”
Nevertheless, Hong Min-Pyo, president of security solution provider Shiftworks, told AFP on Wednesday that it would be nearly impossible to determine who initiated the cyberattack.
"DDoS attacks are designed to hide the attackers," he said.
♦ Photo by Scott Beale/Laughing_Squid/Flickr