Computer Crime Research Center

Root-Server Attack Traced to South Korea, U.S.
(By Brian Krebs)

Last week's attacks on the Internet's backbone likely emanated from computers in the United States and South Korea, FBI Director Robert Mueller today said.

"The investigation is ongoing," Mueller said at an Internet security conference in Falls Church, Va. He did not offer more details on the investigation, nor did he outline the evidence investigators have gathered so far.

Last Monday, a distributed denial of service (DDOS) attack struck the 13 "root" servers that provide the primary road map for the Internet. A subsequent and possibly related attack targeted the "name" servers that house Internet domains like dot-com and dot-info.

East Asia is a major source of cyber crime and computer attacks, in part because of the relatively high number of broadband users in the region's countries. High-speed Internet service is essential to DDOS attacks, in which hackers use dozens -- and often hundreds -- of commandeered computers to overwhelm targeted networks with a flood of Internet traffic. South Korea boasts nearly as many broadband users (8 million) as the U.S. and has more broadband connections per capita than any other country.

"We've tracked a total of at least 80,000 zombie machines in South Korea that are trivially exploitable and usable for these kinds of attacks," said Johannes Ullrich, chief technology officer for the Internet Storm Center, which tracks the source and type of cyberattacks worldwide. "These are machines that have ready-made back doors that allow them to be used to target other networks."

According to several recent studies, only the United States surpasses South Korea as an origin of computer attacks.

Such statistics don't necessarily prove the actual source of cyber attacks, since attackers frequently can mask their identities and locations.

But armed with the right technology, investigators can frequently identify the Web addresses of computers used to issue or direct the zombie computers to attack their target, said Alan Paller, research director for the SANS Institute, a nonprofit computer security research and training group.

"Investigators can often trace these attacks with the right kinds of tools," Paller said. "This kind of tracing can be hard to do during the attack, but can often yield results after the fact."

Mueller's remarks today came in a speech in which he encouraged private industry to cooperate with law enforcement in fighting cyber crime. He also discussed his agency's likely role in cyber security under a newly formed homeland security agency.

Source: theMezz.com/

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
contacts@crime-research.org