Sifting Through The July 4th Cyber Attack: Experts Explain
This was written by Brynn Koeppen on Friday, July 10, 2009, 16:21.
Although experts believe it could take weeks to find out who hacked into US and South Korean government websites, as well as prominent South Korean banks and the Nasdaq, the timing and the victims of the attacks make North Korea the prime suspect.
The denial-of-service attacks slowed down computers and some are reported to have Trojan-malware elements, but overall the attack does not rank high on a global scale, compared with alleged Russian computer attacks on Georgia and China’s alleged use of ‘Ghost Nets’ in Tibet. The Nasdaq website was only down for a day and trading was not affected. White House spokesperson Nicholas Shapiro said the attacks over the weekend “had absolutely no effect on the White House’s day-to-day operations.”
According to SANS Institute director of research Alan Paller, the malware evolved from an easy-to-track virus into something that became harder to distinguish from normal and safe internet traffic going into the July 4th weekend.
“It started as a flood that was easy for network service providers to filter and then went through at least two increases in sophistication so that the flood looks more and more like legitimate traffic,” said Alan Paller. “Network providers have to work much harder to filter out malicious traffic that resembles legitimate traffic.”
The cyber attack stemmed from 10,000 zombie computers connected to botnets. More than a dozen cyber-security companies are now analyzing exactly what happened on July 4th, and early reports have indicated a similarity between this attack and the ‘MyDoom’ malware of 2004. Yet the latest cyber attacks have some new components that caused anti-virus software not to identify the threat. A Trojan component of the virus that has the potential to wipe infected computers’ hard drives is feared to emerge in the near future.
Rod Beckstrom, CEO of ICANN and former DHS cyber security center director, believes this attack “probably establishes a new pattern of behavior. If this is them, they are now in the club. And they’re probably only going to get better.” Beckstrom added that he believes this most recent attack was not sophisticated in nature but a “basic hack job” that could have been launched by just about any tech-savvy individual, according to an Associated Press report.
Other experts believe that this latest cyber event offers insight into the kind of cyber warfare that may emerge in the future. Thomas Tomarchio, former deputy undersecretary at the Homeland Security Department and current CEO of Nicor Cyber Security, believes, “This is not Pearl Harbor. I’m not trying to alarm the country, but we do have a serious intrusion problem.”
There have also been reports that investigators are currently monitoring foreign chat rooms in an attempt to figure out who exactly ignited the cyber attacks. No official White House statement regarding the cause of the July 4th attacks has been released.
So what’s next? Paller was alarmed because he believes too many federal security professionals did not know which network service provider connected their computers to the internet, and “As a result, DHS or US-CERT will probably establish a non-public registry for federal web sites where they maintain up-to-date information about which providers are responsible for the content because of SQL injection errors that let federal sites infect visitors and the network access so they can act much more quickly to help agencies under attack.”
The attacks last week on the US and South Korea, though minor in comparison, may mark the beginning of the new face of warfare in the technology age. Phil Neray, vice president of strategy at the database security company Guardium, may sum it up best: “It’s no longer hackers defacing Web sites to become famous. It’s political cyberterrorism, which is a very serious threat.”













