Recent coverage of cyberwarfare has focused largely on the battle raging between United States-based corporations and the U.S. government on one side, and a shadow unit of elite Chinese military hackers on the other. But lest the world’s attention shift too far from the egos of petulant dictators, news of intrigue from the home peninsula of PSY:
Police and South Korean officials were investigating the simultaneous shutdown Wednesday of computer networks at several major broadcasters and banks. While the cause wasn’t immediately clear, speculation centered on a possible North Korean cyberattack.
There are good reasons to blame the shutdown on North Korea:
The shutdown came days after North Korea blamed South Korea and the United States for cyberattacks that temporarily shut down websites in Pyongyang.
Tensions between the neighboring countries are high following North Korea’s recent nuclear test and U.N. sanctions that followed.
But when you take a moment to examine the evidence, that explanation sort of falls apart:
The Reuters news agency reports that South Korean government investigators haven’t found any evidence yet of an external cyberattack.
Reuters also reports that a major Internet service provider, LG Uplus, says it believes its network has been hacked.
And since when do North Koreans even have computers anyway??
So while the investigation is ongoing, I’ll take this opportunity to explain exactly what I think is going on, and it has nothing to do with cyberwarfare waged by North Korea — or anyone else.
In fact, I would suggest that South Korea is suffering from a unique species of “denial of service”-like attack that also happened to recently afflict a large number of cities in the United States.
I have extensive expertise in computer hackery (in that I am a hack who writes on a computer), so my suggestion that the technique employed in South Korea was “denial of service” has absolutely nothing to do with the fact that it is the only type of hack I could name off the top of my head. My explanation is, at the very least, plausible — so bear with me. According to Wikipedia, whence my detailed knowledge of DoS attacks derives:
A “denial-of-service” attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. There are two general forms of DoS attacks: those that crash services and those that flood services.
The attack in South Korea has been characterized as a “shutdown”, so we’ll assume it was the type that involves crashing (as opposed to flooding) services.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
I don’t know what a root nameserver is (nor do I care enough to click on the helpfully-provided link), but the attack we’re dealing with did affect high-profile web servers, including banks, so: so far so good.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable.
This final piece of information is the one crucial to my analysis.
Consider what we know: a bank and a broadcaster and an internet service provider in South Korea reported that their networks shut down. Such network shutdowns can occur when machines are saturated by “external communications requests.” Such requests could come as part of a coordinated attack — or they could come as part of an uncoordinated deluge.
And when do South Koreans uncoordinatedly deluge banks, broadcasters, and internet service providers?
Well, just last week, I felt a great disturbance in the Force, as if millions of voices suddenly cried out and were suddenly silenced. It was the sound of millions of South Koreans getting their hands on this for the first time — and suddenly ceasing to engage in the pretense of social interaction: