
Darker threat behind S Korean attacks

By Reuters
Boston, 06 Jul 2011

Attacks that crippled South Korean government Web sites in July 2009 and again in March 2011 might have been cyber war drills conducted on behalf of North Korea, according to security software maker McAfee.

That would make the South Korean attacks more menacing than recent attacks by hacker activists, or "hacktivists," such as the groups Anonymous and Lulz Security. Those groups have temporarily shut down high-profile Web sites, including those of MasterCard, the CIA and NATO.

Hacktivists attack as a form of electronic protest, but the attacks on South Korea were likely Internet reconnaissance missions to test the impact that cyber weapons could have in wartime, said Dmitri Alperovitch, VP of threat research for McAfee Labs.

"This stuff is much more insidious and much more dangerous to national security than what Anonymous is doing," he said.

McAfee made the claim in a technical analysis of the malicious software hackers used to launch the March 2011 denial-of-service attacks against South Korean Web sites. Denial-of-service attacks shut down Web sites by overwhelming them with more traffic than they can serve.
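The flood described above is what a web server's access log looks like during a botnet-driven denial-of-service attack: the aggregate request rate jumps while each individual bot stays below any per-client limit. The following is an added example, not code from McAfee's report or from the article, showing how a defender can detect such a spike from combined-format access-log lines. The log lines are constructed for the example, and the baseline window and alert factor are assumed values.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined"-style access-log line (request part only).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (client_ip, timestamp, request) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT), m.group("req")


def requests_per_second(lines):
    """Count requests per wall-clock second, overall and per source IP."""
    totals = Counter()
    per_ip = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparsable lines rather than crash on log noise
        ip, ts, _ = parsed
        second = ts.replace(microsecond=0)
        totals[second] += 1
        per_ip[second][ip] += 1
    return totals, per_ip


def detect_flood(lines, baseline_seconds=10, factor=5.0):
    """Flag every second whose request rate is >= factor x the rate seen
    during the first baseline_seconds of the log (assumed detection rule)."""
    totals, per_ip = requests_per_second(lines)
    if not totals:
        return []
    first, last = min(totals), max(totals)
    baseline = sum(totals.get(first + timedelta(seconds=i), 0)
                   for i in range(baseline_seconds)) / baseline_seconds
    alerts = []
    t = first + timedelta(seconds=baseline_seconds)
    while t <= last:
        rps = totals.get(t, 0)
        if baseline > 0 and rps >= factor * baseline:
            alerts.append({
                "second": t.isoformat(),
                "rps": rps,
                "baseline": baseline,
                "distinct_sources": len(per_ip[t]),
                "top_source": per_ip[t].most_common(1)[0],
            })
        t += timedelta(seconds=1)
    return alerts


def build_sample_log():
    """Constructed log: 10 s of normal traffic from 5 visitors, then 5 s in
    which 40 bot addresses each add 5 requests per second."""
    start = datetime(2011, 3, 4, 10, 0, 0, tzinfo=timezone(timedelta(hours=9)))
    lines = []
    for sec in range(15):
        ts = (start + timedelta(seconds=sec)).strftime(TS_FMT)
        for i in range(5):  # ordinary visitors (TEST-NET-1 addresses)
            lines.append(f'192.0.2.{i + 1} - - [{ts}] "GET /news HTTP/1.1" 200 5120')
        if sec >= 10:
            for b in range(40):  # bots (TEST-NET-2 addresses)
                for _ in range(5):
                    lines.append(f'198.51.100.{b + 1} - - [{ts}] "GET / HTTP/1.1" 200 5120')
    return lines


if __name__ == "__main__":
    for alert in detect_flood(build_sample_log()):
        print(alert)
```

The point of the example is that per-client rate limiting alone would not catch this: every bot makes only five requests per second, barely above a real visitor, so the signal is the aggregate rate (205 requests per second against a baseline of 5) together with the sudden rise in distinct source addresses.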

The document, which was released on Tuesday, said the attackers likely built the army of computers that launched the attacks by infecting healthy PCs with malicious software at a popular South Korean file-sharing site.

Once the PCs were infected, they became part of a "botnet," or army of enslaved computers, that the hackers managed remotely from "command and control centres".

That botnet was used on 4 March to attack 40 Web sites in South Korea, according to McAfee.

"It was a very rapid operation, very constrained with specific goals," Alperovitch said. "The intent was to see what level of damage you can do in a very rapid time period."

The hackers responsible for the attacks tried to make it difficult for researchers to figure out what they were doing.

They encrypted their software, scrambling it to make it difficult to study, and also programmed it to destroy itself and its host PC 10 days after the 4 March attack began.

It is very rare for botnet herders to instruct infected computers to destroy themselves. They typically try to keep enslaved computers running as long as possible so they can use their botnet for many tasks.

The hackers likely worked so hard to hide their tracks because they wanted to make it difficult for authorities to ascertain the real purpose of the attacks, Alperovitch said.

They were cyber war drills designed to determine how difficult it would be to take down key government Web sites in the event of war, he added.

McAfee is a subsidiary of chipmaker Intel.
