Cyber attacks may not have come from North Korea

SAN FRANCISCO (Reuters) - Cybersecurity analysts raised doubts on Wednesday that the North Korean state launched recent attacks on U.S. government and South Korean websites, saying industrial spies or pranksters could be the villains.

North Koreans take part in a mass rally marking anti-U.S. Day at Kim Il-sung Square in Pyongyang on the 59th anniversary of the start of the Korean War, June 25, 2009. The banner reads, "Crush the nuclear war provocation and manoeuvres by the U.S.!" REUTERS/KCNA

More than two dozen websites in the United States and South Korea, including that of the U.S. State Department, were attacked in recent days.

South Korea’s spy agency has said North Korea may be behind the attacks, while the U.S. government has said it is too soon to make such claims -- and Internet security experts agree.

The implications of a state-sponsored attack are severe, said SecureITExperts’ Mark Rasch, who led the U.S. Department of Justice computer crimes unit from 1983 to 1991.

“There’s no difference between dropping a logic bomb and dropping a TNT bomb in the law of war,” he said, but added that while North Korea could have been behind the maneuvers, they did not appear to be coming from computers physically located in the reclusive Asian country.

“This is not something that your average ‘script kiddie’ can do. On the other hand it doesn’t require it to be state-sponsored,” Rasch said.

The relatively simple “denial of service” attacks aim to overwhelm computers with requests for information. They are designed primarily to disrupt systems rather than penetrate and obtain data, analysts said. They are also difficult to trace.

The attacks could have been a “shot across the bow” by North Korea, the computer equivalent of its recent missile launches, but could also have been conjured up by hackers looking to make quick money or secure bragging rights.

They also could mask malicious activity like inserting spyware or malware computer programs that could later be activated, analysts said.


The attacks began on July 4th, the U.S. Independence Day holiday.

But Rodger Baker, Stratfor’s director of East Asia analysis, pointed out that the date is also close to the anniversary of the death of North Korea’s founder Kim Il Sung and to North Korean missile launches, which might lend some credence to speculation that the country was behind the attacks.

Other analysts shied away from pinpointing North Korea and said the attacks could be financially motivated.

“There’s a trillion dollars in economic losses sustained due to hacking every year, not just financial data theft but also industrial espionage,” Core Security Technologies’ Tom Kellermann said.

“You’re seeing a massive community of mercenaries for hire who are leveraging their computer skill sets, particularly in this global recession, the laid-off IT professionals et cetera that are leveraging their attack capabilities and their technological experience to break in and out of systems.”

Analysts struggled to explain why North Korea would launch such an unsophisticated attack. Despite its financial strains, the country has a cyber warfare unit and a “hacking academy,” Kellermann said.

“In our experience, state-sponsored events are under the radar,” said Mandiant executive Mike Malin.

“If you were going to launch a sophisticated attack, you wouldn’t warn people with this kind of attack. This woke up all the network defenders and you lose the element of surprise,” said James Lewis, a fellow at the Center for Strategic and International Studies.

Editing by John O’Callaghan