Expert says hacking may have started in the South

The July cyber attacks that paralyzed key South Korean government Web sites were politically driven operations that may have started in South Korea rather than in North Korea, according to a U.S. security expert.

In a report obtained by the JoongAng Ilbo, Christopher Jordan, vice president of network intelligence at the computer security firm McAfee, argued that the July 7 cyber attacks are suspected ‘hacktivism’ actions.

The paper, titled “Briefing on Korean DDoS Attacks,” was presented at the recently-concluded Defcon Hacking Conference in Las Vegas.

Jordan concluded in his report that the recent DDoS, or distributed denial-of-service, attacks, which generated a huge volume of traffic to overwhelm and freeze Web sites, might have been politically motivated. Hacktivism is a blend of the words “hack” and “activism,” and refers to the use of digital means to achieve political and ideological goals.

According to Australian hacker Julian Assange, the earliest form of hacktivism attacks date back to October 1989, when systems at the U.S. Department of Energy and the National Aeronautics and Space Administration were infiltrated by the anti-nuclear Worms Against Nuclear Killers (WANK) worm.

Jordan pointed to the fact that the first round of attacks took place on July 4, Independence Day in the United States and also the day North Korea launched a salvo of missiles. Jordan argued that the DDoS attacks caused only minor damage to the South Korean government or corporations, and that the July attacks were merely a test for a potentially much bigger onslaught.

Contradicting the South Korean claim that North Korea initiated the offensive, Jordan said the DDoS attacks likely originated in South Korea and that there’s no technical evidence to suggest the North was involved.

He said more than 90 percent of the zombie computers - those that were infected with malicious code without the users’ knowledge and became the source of the cyber offensive - were from South Korea.

Jordan also noted that it was mostly South Korea’s personal computer users and its government institutions that suffered loss of their data. In the aftermath of the cyber sabotage, intelligence authorities said they had evidence that North Korea was responsible. Other security experts at the conference warned against even more serious threats that cyber attacks could present. Kevin Mahaffey, founder and chief technical officer of the U.S. firm Flexilis, said the July offensive in South Korea demonstrated how much cyber terrorism has improved over the years.

By Kim Jin-kyung [jeeho@joongang.co.kr]