Government officials reported earlier today that a distributed denial-of-service (DDoS) attack was directed at the Web sites of several US government agencies, and that the attacks likely started after July 4th. Officials have also been able to determine that the attack likely originated from North Korea, and that a botnet of likely over 50,000 infected systems was used in the attack. Here’s the official word:
A botnet composed of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the Web site of the U.S. Federal Trade Commission (FTC) offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
With that out of the way, many government agencies have been reporting the issue as a major incident, calling it “complex” and “sophisticated,” and it’s kind of disturbing that we’ve learned so little from the greater virus incidents earlier in the decade to use those adjectives to describe this. The attacks have been ongoing, and definitely have utilized a modestly sized botnet, but this type of work indicates a potency and level of effort that I think we’ve come to expect from North Korea in other regards: good for getting our attention, but not for much else.
DDoS attacks are relatively harmless when the target doesn’t drive revenue from its Web site or services, and are fairly easy to orchestrate. Additionally, there’s no indication of whether the North Koreans were responsible for amassing the botnet, were hijacking someone else’s, or perhaps worst of all (but most likely) were customers of a hacker-for-hire ring, some of which are known to sell or rent their botnets to anyone with some spare cash.
There will likely be calls for the US government to strengthen its cybersecurity posture after these attacks, and while I invite any money being invested in technology security, disaster recovery, and business continuity by any organization, I hope logic wins the day against fear.