Security Featured Article

A third round of cyber attacks in South Korea Thursday was a shot across the bow for the United States to step up its security efforts, experts say.

 

In an interview with TMCnet, James Lewis, director and senior fellow at the Center for Strategic and International studies in Washington, D.C., said the outages in South Korea is a “wake-up call” to focus its efforts on maximizing cyber security across all government agencies.

 

“This was the most primitive kind of attack, and it was less of an attack and more of a demonstration,” Lewis said. “The fact that our response was uneven and disorganized should worry us. The fact that some of the [U.S. government sites] did crash makes you wonder how well prepared we are to respond to a more sophisticated attack if one were to occur.”

 

In the United States, the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all paralyzed at numerous points over the holiday weekend and into this week.

                           

Seven sites — one belonging to the South Korean government and the others to private entities — were attacked in the third round of cyber assaults, Ku Kyo-young, an official from the state-run Korea Communications Commission, told the Associated Press. U.S. and South Korean officials have said they believe North Korea is behind the cyber attacks.

 

Lewis called the “assaults” a new form of cyber conflict.

 

“Usually governments hide. North Koreans, if they are responsible, will be the first case of one government attacking another in this way, and, if they come forward, openly doing so. It’s not a good precedent,” he said. “Right now we’re blaming North Korea, but we may never know who was actually responsible. The way these attacks are launched, it makes it difficult to track.”

 

In a statement to the Obama administration, Lewis wrote:

 

“It has been 10 years since the first reports called attention to America’s vulnerability in cyberspace. Unfortunately, the situation has gotten worse, not better, during the intervening decade. That cyberspace now provides the foundation for much of our economic activity is not readily apparent. However, those who wish to do harm to the (United States) have not failed to notice the opportunities created by the weaknesses of (the United States)."

 

However, the cyber assault on the White House site had “absolutely no effect on the White House’s day-to-day operations,” spokesman Nick Shapiro told MSNBC.

 

In response to the Obama administration’s current cyber-security efforts, Lewis said: “They’ve said all the right things, and they are doing all the right things, but it would be nicer if they could move a little faster. ... Is this a wake-up call? It should be.”

 

However, some security experts say there is no ultimate resistance from cyber assaults occurring in the future.

 

“There is no such thing as immunity to cyber-attacks. Even sophisticated organizations with heavy investments into defensive security measures can be hit with these and other advanced and persistent attacks,” said Amit Yoran, CEO of NetWitness (News - Alert), an IT risk management firm.“This is yet another example of why organizations need to be adaptive and able to respond to, analyze and address new attack methods as they unfold. We need to take a more sophisticated approach to our protective measures – moving beyond the current generation of technologies – because the threats we are facing have evolved beyond the ability of many technologies to address them…and all indications are that they will continue to do so.”

 

South Korea’s AhnLab – a Seoul-based security software company – told the Associated Press they had analyzed a virus program that sent floods of Internet traffic to paralyze Web sites in the two countries. Representatives from AhnLab were not immediately available for comment Thursday.

 

Yoran said what is making the attacks so effective is the fact that they are based on a large-scale BotNet army, which is carrying out sustained attacks against multiple targets in the dot-gov and outside. “There are varying reports related to down time caused by these attacks – and with so many properties being targeted it is really difficult to provide a complete assessment. Some reports are indicating down time of a few days to this point – which speaks to the sustained nature of this effort.”

 

According up to a report released by AhnLab, Korea’s leading computer security provider, up to 16,768 malicious codes and spywares were newly discovered up to the third quarter of 2008, a 2.6 time increase over the same period last year. This sudden upsurge is attributed to the ease of generating these malicious codes, and the continuous making and sharing of tools for using these malicious codes for automated attacks.

 

Other issues on the top seven list are: the rampancy of fake foreign anti-virus software; an upsurge of foreign spywares; intelligent attacks on Web sites; increasing malicious codes taking advantage of PDF, DOC, and PPT file vulnerabilities; increased activity of BotNets triggering DDoS; first report of DNS cache poisoning attack codes; and continued casualties due to traditional viruses.