Recent coverage of cyberwarfare has focused largely on the battle raging between United States-based corporations and the U.S. government, and a shadow unit of elite Chinese military hackers. But lest the world’s attention shift too far from the egos of petulant dictators, here is news of intrigue from the home peninsula of PSY:
Police and South Korean officials were investigating the simultaneous shutdown Wednesday of computer networks at several major broadcasters and banks. While the cause wasn’t immediately clear, speculation centered on a possible North Korean cyberattack.
There are good reasons to blame the shutdown on North Korea:
The shutdown came days after North Korea blamed South Korea and the United States for cyberattacks that temporarily shut down websites in Pyongyang.
Tensions between the neighboring countries are high following North Korea’s recent nuclear test and U.N. sanctions that followed.
But when you take a moment to examine the evidence, that explanation sort of falls apart:
The Reuters news agency reports that South Korean government investigators haven’t found any evidence yet of an external cyberattack.
Reuters also reports that a major Internet service provider, LG Uplus, says it believes its network has been hacked.
And since when do North Koreans even have computers anyway??
So while the investigation is ongoing, I’ll take this opportunity to explain exactly what I think is going on, and it has nothing to do with cyberwarfare waged by North Korea — or anyone else.
In fact, I would suggest that South Korea is suffering from a unique species of “denial of service”-like attack that also happened to recently afflict a large number of cities in the United States.
I have extensive expertise in computer hackery (in that I am a hack who writes on a computer), so my suggestion that the technique employed in South Korea was “denial of service” has absolutely nothing to do with the fact that it is the only type of hack I could name off the top of my head. My explanation is, at the very least, plausible — so bear with me. According to Wikipedia, from whence comes my detailed knowledge of DoS attacks:
A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.
The attack in South Korea has been characterized as a “shutdown”, so we’ll assume it was the type that involves crashing (as opposed to flooding) services.
I don’t know what a root nameserver is (nor do I care enough to click on the helpfully-provided link), but the attack we’re dealing with did affect high-profile web servers, including banks, so: so far so good.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable.
This final piece of information is the one crucial to my analysis.
Consider what we know: a bank and a broadcaster and an internet service provider in South Korea reported that their networks shut down. Such network shutdowns can occur when machines are saturated by “external communications requests.” Such requests could come as part of a coordinated attack — or they could come as part of an uncoordinated deluge.
And when do South Koreans uncoordinatedly deluge banks, broadcasters, and internet service providers?
Well, just last week, I felt a great disturbance in the Force, as if millions of voices suddenly cried out and were suddenly silenced. It was the sound of millions of South Koreans getting their hands on this for the first time — and suddenly ceasing to engage in the pretense of social interaction:
As I’m sure you’ve heard, no one does StarCraft quite like the South Koreans. I’ll leave the gory details to Wikipedia, but suffice it to say that Blizzard has sold 9.5 million copies of StarCraft I worldwide — and 4.5 million of those sales came in South Korea. At one point, the country boasted two cable television channels devoted to broadcasting live matches. Don’t believe me? Then explain this:
And if you still don’t believe me (or even if you do), check out the Craigslist ad at the bottom of this post.
The point is this: the denial of service attack wasn’t perpetrated by an army of North Korean hackers. It was perpetrated by an army of Terrans from South Korea. Or Zerg. Or Protoss. Or whatever else managed to make its way into Wings of Liberty (I haven’t been following the live matches). Millions of South Koreans undoubtedly bought the game, they played it online, and they watched other people play it — it’s no surprise that the country’s banks, internet service providers, and broadcasters couldn’t handle the traffic.
As I mentioned above, a similar issue plagued “a large number of cities in the United States” just earlier this month: SimCities. According to the New York Times:
In the days following Electronic Arts’s early Tuesday release of the PC-only SimCity, the game barely worked, although there were signs of improvement by week’s end… Electronic Arts’s servers couldn’t handle the immediate influx of players, sticking gamers in queues to wait to play and eventually blocking them altogether… [A]s the situation worsened, the company began to take down servers for maintenance.
And SimCity amounted to just a million or so gamers around the world — imagine what would happen when an entire country collectively tries to log onto its national pastime. Or better yet, read about it:
Police and South Korean officials were investigating the simultaneous shutdown Wednesday of computer networks at several major broadcasters and banks.
Game over. Sorry, North Korea!