JoongAng Daily

Mystery surrounds hackers’ identity

Officials offer no comment on possible link with North

July 17, 2009
Who are the mystery hackers?

For the moment, no one is entirely sure who set up and executed the attacks on government and corporate Web sites in South Korea and the United States on July 7 and 8.

Initially, South Korea’s National Intelligence Service claimed North Korea was the mastermind of the distributed denial-of-service, or DDoS, assaults.

One possible clue, or possibly a red herring, emerged on Wednesday. The Korea Communications Commission and the Korea Information Security Agency announced that the master server, or control tower, of the massive attack was “deemed to be located in Britain.”

The tip-off came after Bkis Internet Security, a Vietnam-based firm, said it had identified eight servers that controlled the so-called zombie computers and had learned that they were taking orders from a ninth machine apparently based in Britain.

DDoS floods Web sites with requests from a collection of zombie computers, making them inaccessible to the public.

Hackers create zombies by remotely hijacking vulnerable computers via e-mail or malicious code without the owners’ knowledge. The zombies are known to be controlled by a master server.

But not everyone agrees with the apparent British link. The Financial Times reported yesterday in its Asia edition that sub-servers of the attacks took orders from a master server controlled by a virtual private network in Florida belonging to a business partner named Digital Latin America.

The firm has a business partnership with Global Digital Broadcast in Britain, and although the computer owned by GDB was located in Britain, the supposed control server was in Florida. “There’s been no consensus on the most basic questions, including how the perpetrators issued commands to the computers used in the attacks,” said the FT article.

Korea’s communications commission, a unit spun off from the now non-existent Information and Communication Ministry, has yet to come up with any official stance following the FT article.

“We are still probing the case,” said a spokesman. Asked if the investigation still lists North Korea as a possible perpetrator, an official at the information protection team declined to comment.

Web sites at 11 government agencies, banks, portals and private businesses including the Blue House and the Defense Ministry were compromised from the night of July 7 until the next day. Fourteen U.S. government sites, including those of the White House and the New York Stock Exchange, were also knocked out during the same period.


By Seo Ji-eun [spring@joongang.co.kr]

