Information Security News mailing list archives

Root-Server Attack Traced to South Korea, U.S.


From: InfoSec News <isn () c4i org>
Date: Fri, 1 Nov 2002 03:10:29 -0600 (CST)

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A46872-2002Oct31.html

By Brian Krebs
washingtonpost.com Staff Writer
Thursday, October 31, 2002

Last week's attacks on the Internet's backbone likely emanated from
computers in the United States and South Korea, FBI Director Robert
Mueller today said.

"The investigation is ongoing," Mueller said at an Internet security
conference in Falls Church, Va. He did not offer more details on the
investigation, nor did he outline the evidence investigators have
gathered so far.

Last Monday, a distributed denial of service (DDOS) attack struck the
13 "root" servers that provide the primary road map for the Internet.  
A subsequent and possibly related attack targeted the "name" servers
that house Internet domains like dot-com and dot-info.

East Asia is a major source of cyber crime and computer attacks, in
part because of the relatively high number of broadband users in the
region's countries. High-speed Internet service is essential to DDOS
attacks, in which hackers use dozens -- and often hundreds -- of
commandeered computers to overwhelm targeted networks with a flood of
Internet traffic. South Korea boasts nearly as many broadband users (8
million) as the U.S. and has more broadband connections per capita
than any other country.

"We've tracked a total of at least 80,000 zombie machines in South
Korea that are trivially exploitable and usable for these kinds of
attacks," said Johannes Ullrich, chief technology officer for the
Internet Storm Center, which tracks the source and type of
cyberattacks worldwide. "These are machines that have ready-made back
doors that allow them to be used to target other networks."

According to several recent studies, only the United States surpasses
South Korea as an origin of computer attacks.

Such statistics don't necessarily prove the actual source of cyber
attacks, since attackers frequently can mask their identities and
locations.

But armed with the right technology, investigators can frequently
identify the Web addresses of computers used to issue or direct the
zombie computers to attack their target, said Alan Paller, research
director for the SANS Institute, a nonprofit computer security
research and training group.

"Investigators can often trace these attacks with the right kinds of
tools," Paller said. "This kind of tracing can be hard to do during
the attack, but can often yield results after the fact."

Mueller's remarks today came in a speech in which he encouraged
private industry to cooperate with law enforcement in fighting cyber
crime. He also discussed his agency's likely role in cyber security
under a newly formed homeland security agency.


 