Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Network-based visualization of a DDoS.
Credit: Sandia National Laboratories

Mystery still surrounds this week’s distributed denial of service (DDoS) attacks on U.S. and South Korean websites, and while speculation points to North Korea as the source, it’s likely that we’ll never know for certain. The use of a botnet–thousands of infected computers–by definition obscures the identity of the attacker, and with thousands of IP addresses involved, they’re hard to trace back to the source.

An article in the Wall Street Journal points out politically motivating factors that implicate North Korea: the timing can be linked to North Korea’s most recent missile launches, as well as new U.N. sanctions announced last week. Wednesday was also the fifteenth anniversary of the death of Kim Il-Sung, the former leader of the DPRK.

Even so, the attacks appear to be relatively unsophisticated. Jose Nazario of Arbor Networks, a company that monitors internet traffic and DDoS attacks calls them “amateurish” due to a mix of approaches cobbled together using a five- or six-year-old malcode that wasn’t particularly well hidden. It’s also only a moderately sized attack–at 25 megabits per second–though it involves just over 100,000 bots, concentrated heavily in South Korea. What’s most interesting, says Nazario, is the coordination of attacks on both U.S. and South Korean government and commercial sites.

While the attacks made headlines, DDoS is a common problem that happens to big companies every day, and far more aggressively than these hits to government and commercial sites. The White House, NSA, State Department and Department of Defense, after all, are not high traffic moguls like Google or Amazon, which get attacked daily and have built up their own in-house defenses, says Hal Roberts, of Harvard’s Berkman Center for Internet and Society. We just don’t hear about Amazonor Google getting attacked, Roberts says, because it happens so frequently and doesn’t bring down their sites. “There are literally hundreds, if not thousands [of attacks] going on in any given time,” says Roberts.

If two governments were to really go at it in cyberspace, Arbor Networks’ Nazario says they would more likely target key nodes like voice exchange points to inflict real pain or disrupt communications, or they could go after each other’s secrets, similar to the “Titan Rain” attacks that began in 2003, where government and academic research computers were mined for secret project information. Stealing or modifying data, says Nazario, would have a much bigger impact than overwhelming websites.

2 comments. Share your thoughts »

Tagged: Web, security, networks, cyber attacks, DDoS

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me