Last week, news of a run of Denial of Service (DOS) attacks on South Korean and United States’ government websites was announced. Almost immediately, blame for the attacks was being placed on North Korea and North Korean servers, probably due to some of the escalating tensions between the U.S./South Korea, and North Korea. It is really easy to make such connections, and often speculation disguises itself as fact when these news reports were circulated.
But today it was announced that the attacks actually originated in the U.K. and involved ‘bot computers in 68 countries all reporting back to the main computer in the U.K. This information was released today by Hanoi-based Bkis at the request of APCERT, the Korean Computer Emergency Response Team. APCERT is part of a larger organization of watchdog teams in Southeast Asia/Pacific that tracks and analyzes data streams and attacks that originate, or are focused on, that particular region of the world.
It is easy enough to place blame with assumptions. It happened in Oklahoma City when we blamed foreign terrorists for the Murrow Building bombing, only to find out later that it was domestic terrorism. While it is important to spread information about events that impact national and computer security, it is just as important to spread truthful information. And in the case of these most recent DOS attacks, there is no direct evidence at this point linking North Korea to the attacks. And until there is, we shouldn’t be pointing fingers of blame.
Blix has turned their results over to the U.K. and U.S. governments for followup.