KIM CHI IN THE INTERTUBES by Charlie Martin
Let’s get the news out of the way first, so we can move right along to the (hopefully informed) speculation.
The news came out today that there has been a relatively large-scale attack on a number of websites – a lot of web sites, and that’s interesting in itself – including a number of US government sites and an odd selection of other sites, like several major newspapers and the New York Stock Exchange. At the same time, there were major attacks on a number of systems in South Korea, which led to speculation, given the timing and the targets, that the attacker was the DPRK, North Korea.
The mechanics of the attack are simple: a “DDoS” or “distributed denial of service” attack. This simply means that the basis of the attack is to flood a system or web site with so many malicious requests for service that it’s impossible for the system to handle legitimate requests. That’s the “denial of service” part.
The “distributed” part means that it’s not just one attacker system making the malicious requests, but many systems.
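To make the difference concrete from the defending side, here is an added example (not part of the original article) that sorts request logs into time windows and shows why blocking one noisy address stops a single-source flood but does nothing against a distributed one. The window length, thresholds and sample traffic are constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW = 10            # seconds per bucket (assumed)
PER_SOURCE_LIMIT = 50  # requests one client may send per window (assumed)
CAPACITY = 200         # requests the server can handle per window (assumed)

def classify_windows(requests):
    """requests: iterable of (unix_seconds, source_ip).
    Returns {window_start: (label, sources_over_the_per_source_limit)}."""
    buckets = defaultdict(Counter)
    for ts, ip in requests:
        buckets[ts - ts % WINDOW][ip] += 1
    verdicts = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n > PER_SOURCE_LIMIT)
        if total <= CAPACITY:
            label = "normal"
        elif noisy and total - sum(per_ip[ip] for ip in noisy) <= CAPACITY:
            # Dropping the few loud sources brings load back under capacity.
            label = "single-source flood"
        else:
            # Still overloaded after per-source blocking: the excess is
            # spread over many sources that each look unremarkable.
            label = "distributed flood"
        verdicts[start] = (label, noisy)
    return verdicts

def sample_traffic():
    """Constructed traffic using RFC 5737 documentation addresses."""
    def legit(t0):  # 30 ordinary clients, 3 requests each
        return [(t0 + i, f"192.0.2.{c}") for c in range(30) for i in range(3)]
    reqs = legit(0)                                    # window 0: 90 requests
    reqs += legit(10)                                  # window 10: one loud client
    reqs += [(10 + i % 10, "198.51.100.7") for i in range(400)]
    reqs += legit(20)                                  # window 20: 150 quiet clients
    reqs += [(20 + i, f"203.0.113.{c}") for c in range(150) for i in range(4)]
    return reqs

if __name__ == "__main__":
    for start, (label, noisy) in classify_windows(sample_traffic()).items():
        print(f"t={start:>2}s  {label:<20} over-limit sources: {noisy}")
```

In the third window no single address exceeds its limit, yet the total is more than three times what the server can handle, which is exactly what the “distributed” part buys the attacker.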
Where do all these attacking systems come from? Not from buying them on eBay – instead, the attacker sites are almost certainly zombies, computers that have been infected with a malicious viral or worm-like program that lurks on an under-protected computer until called to do the nefarious bidding of the zombie-master, who could be anywhere on the Internet. The zombies spread through the Internet by looking for unprotected systems and infecting them. Infected systems then start looking for other systems to infect. Almost all of the infected systems are running Windows, and there are so many zombies in the wild already that an unprotected Windows machine, put naked onto the Internet, will be infected within minutes.
That’s how it happens. But why?
First off, it’s not to demonstrate the North Koreans’ technical sophistication, except possibly in Kim Jong Il’s fevered imagination. As you can see from the description, the level of technical sophistication required is about the same as having a bunch of people call a radio show with canned talking points to keep others from calling in. Writing a bot is not a lot more difficult, although it takes some programming skill and a good bit of Windows knowledge. Whoever the perpetrator is, though, doesn’t need to write his or her own bot, because bots — and even active bot networks — are easily available on the Internet. I’m told that you can even rent a zombie network if you know where to ask.
Second, this attack probably wasn’t intended to cause anything more than some annoyance. We know this because of the breadth and variety of the sites being attacked. Some of the sites being attacked, like the White House website, are carefully protected; others, like the Department of Defense, are pretty careful not to have anything exceptionally important on a network accessible from the outside world. If there were any intention of bringing a site down, the attackers would concentrate their forces.