Experts: Cyberstrikes originated from Britain, not North Korea

http://www.guardian.co.uk/technology/2009/jul/15/hacking-usa
A recent wave of cyber attacks that crippled thousands of computers and websites in the United States and South Korea could have originated from inside Britain, experts have warned. According to security researchers in Vietnam, the source of last week’s string of attacks by the Mydoom virus – which overwhelmed systems belonging to the US Treasury and the office of the South Korean president Lee Myung-Bak – can be traced to the UK. “We have analysed the malware pattern that we received” said Nguyen Minh Duc, a director of Vietnamese security company BKIS, in a post on the company’s blog. “We found a master server located in the UK.” Investigators said they had discovered new details on how the strikes took place by investigating and tracing back the attacks. According to BKIS, infected computers had tried to contact one of eight so-called command and control servers every three minutes. These machines then gave instructions to the hacked PC – generally ordering them to direct traffic straight at victim websites, in attempt to overload them and force them to crash. But these eight servers were themselves being controlled by a single source, which evidence indicated was located somewhere in Britain. “Having located the attacking source in UK, we believe that it is completely possible to find out the hacker,” wrote Nguyen. “This of course depends on the US and South Korean governments.”

July 16, 2009 - Posted by informationalwarfare | Net Neutrality, State Sponsored Terrorism, Web 2.0 | | No Comments Yet