Cyber attacks on US, S. Korea could have originated from UK: Experts
By ANI, Wednesday, July 15, 2009
SAN FRANCISCO - The recent cyber attacks against South Korean and American websites could have originated from Britain, and not North Korea, experts have said.
According to security researchers in Vietnam, the source of last week’s string of attacks by the Mydoom virus - which overwhelmed systems belonging to the US Treasury and the office of the South Korean president Lee Myung-Bak - can be traced to the UK.
“We have analysed the malware pattern that we received. We found a master server located in the UK,” The Guardian quoted Nguyen Minh Duc, director of Vietnamese security company BKIS, as saying.
Investigators said they had discovered new details on how the strikes took place by investigating and tracing back the attacks.
According to BKIS, infected computers had tried to contact one of eight so-called command and control servers every three minutes.
These servers then gave instructions to the hacked PCs - generally ordering them to direct traffic straight at victim websites, in an attempt to overload them and force them to crash.
But these eight servers were themselves being controlled by a single source, which evidence indicated was located somewhere in Britain.
“Having located the attacking source in UK, we believe that it is completely possible to find out the hacker. This of course depends on the US and South Korean governments,” wrote Nguyen in his company’s blog.
The findings contradict some earlier reports that the surge in attacks may have been coordinated from North Korea, a theory largely driven by intelligence reports presented to the authorities in Seoul.
South Korean officials are still trying to ascertain whether the strikes actually originated in the UK.
“We don’t know that the attackers were actually based in Britain, or mainly hacked a British IP address and used it for delivery,” an official from the Korean Communications Commission said. (ANI)