US Blew NK Cyber Attacks

South Korea and the US ignored advance warning that North Korea might mount cyber attacks should the US and its allies punish the North for launching ballistic missiles.

As DoD Buzz readers know, Kevin Coleman warned of this, and he offers a pretty devastating critique of the defenses available to US cyber warriors. Coleman, a consultant on cyber war to Strategic Command, says we knew the attacks were likely and still couldn’t handle a relatively unsophisticated (though persistent) attack from one of the world’s less capable cyber forces. He also illuminates the still-poor coordination between US government departments and agencies.

Kevin’s story follows:

The U.S. Government now admits they did not properly handle the situation. Sources have revealed that the South Korean government knew in advance that the distributed denial of service (DDoS) attacks that hit multiple web sites of major institutions in South Korea had begun earlier in the United States.

Late last week South Korea’s intelligence agency briefed its lawmakers on circumstantial and technical evidence behind their belief that North Korea was behind the recent cyber attacks. Other intelligence sources went as far as to state that Kim Chong Un, the third son of North Korean dictator Kim Jong Il, was the mastermind of the cyber attacks that have hit government computers in the United States, South Korea and some 14 other countries.

Foreign intelligence sources have also reported that the North Korean government sent a cyber contingent of approximately a dozen people across the northern border into China to conduct some of the operations and that Kim Chong Un actually was in command of that unit. Also, sources have speculated that North Korean Research and Development Unit (110 or 101) and Cyber Warfare Unit 121 were the primary military units involved in the planning and execution of the DDoS-style cyber attack. At least one Republican lawmaker urged President Obama to take retaliatory action (cyber attacks) against North Korea for the cyber attacks launched last week.

Given the extremely limited telecommunication infrastructure (estimated 1.18 million phone lines) and the limited Internet connectivity (given the less than 80,000 broadband connections) a cyber attack would be next to useless. After studying and researching the cyber attacks the following observations are offered.

1. The current U.S. defenses against cyber attack are woefully inadequate against even moderate level attacks as we have just experienced.

2. The fact that these attacks were well-coordinated, lasted as long as they did and were able to bring down a number of sites says more about the state of our defenses than the moderate rated offensive cyber capabilities of North Korea.

3. This clearly shows the need for the international agreement for cyber attack investigation cooperation that has been called for by many cyber warfare experts including me. These attacks were routed/launched through compromised computers in 16 countries.

4. Reports that the Department of Defense was not alerted to the attacks and found out through the media indicate that better coordination between DOD, DHS, DOJ and other government organizations as well as the private sector is critical in times of cyber attack and therefore must be improved and maintained.

5. There are unconfirmed reports from typically reliable sources that a South Korean intelligence agency has obtained documents ordering North Korean army units to start the cyber attack. If true, this could be the smoking gun! Once verified, that would open the way for retaliatory action.


Join the Conversation

Although you do have to explain why taking out CNN.com is an act of war.

See, this is part of the whole “cyber attacks” thing that I don’t get. Why is nuisance action against a country’s infrastructure considered an “attack”? As analogy, this is like driving speedboats in front of cargo ships trying to leave port. A: The regular port police (or, rather, sysops and such) should be handling this as part of their normal duties. B: actual military capability was not affected one iota.

What the hell was attacked? It doesn’t seem as though there was any sort of a security risk as a result of these attacks, aside from a minor nuisance to some websites. They seem to be blowing this way out of proportion, because if I actually understand what happened, then it took an entire government what a few eastern European hackers could do before bed time.

Alex you are right YOU DON’T GET IT!

While these 5 points below are valid, there is nothing new except that a theoretical weakness that was known about for some time now, was exploited by a foreign government.
Point 5 mentions the smoking gun. If this is in fact the case, then send the spike masters for a field day trip, before any international committee is convened.

1. The current U.S. defenses against cyber attack are woefully inadequate against even moderate level attacks as we have just experienced.

2. The fact that these attacks were well-coordinated, lasted as long as they did and were able to bring down a number of sites says more about the state of our defenses than the moderate rated offensive cyber capabilities of North Korea.

3. This clearly shows the need for the international agreement for cyber attack investigation cooperation that has been called for by many cyber warfare experts including me. These attacks were routed/launched through compromised computers in 16 countries.

4. Reports that the Department of Defense was not alerted to the attacks and found out through the media indicate that better coordination between DOD, DHS, DOJ and other government organizations as well as the private sector is critical in times of cyber attack and therefore must be improved and maintained.

5. There are unconfirmed reports from typically reliable sources that a South Korean intelligence agency has obtained documents ordering North Korean army units to start the cyber attack. If true, this could be the smoking gun! Once verified, that would open the way for retaliatory action.

counter Cyber attack-Cyber them

ALL
Re whether or not this is an “attack”, lies in the definition of “attack”. The old Clinton defense of Is vs Is…
Cyber warfare, by its very nature can be devastating, unknown to the average joe, and if carried out to the extremes, a means of defeating the systems we depend on for our safety.
It requires a VERY HIGH level of technical expertise to determine the occurrence, validity, and depth of such impositions on our cyber systems. Question to all: Do we have such, are we capable of using such and will we respond, covertly, overtly or at all?
My Opine, OBNA will ignore this, as it is beyond the mind power of their Czars intelligence.
End

DDOS attacks such as this are MINOR at best. All they did were target a few website clusters, very easy to stop (and btw most were) from the commercial backbone level. Thousands are launched daily worldwide against websites and more importantly infrastructure. This one was puerile, and worthy of only minor response. I would bet N Korea finds it really hard to surf the net at all right now, since the US ISP Backbones have blackholed them just to be sure.

North Korea is suspected of involvement. The spy agency told lawmakers last week that a North Korean military research institute had been ordered to destroy the South’s communications networks.

N. Korea is suspected of doing everything bad in the world today. It wouldn’t surprise me if they hadn’t tried to do something like this, and it surely is within their power to do so. I got a message the other day that one of my websites had been attacked by something. Who knows, maybe it was Uncle Kim trying to spy on my dating life.

I don’t care how “Minor” the attacks were. NEVER underestimate the enemy. Cyber warfare is a critical front in the 21st century. If we fall behind now, we may not be able to catch up. North Korea can and will launch more devastating attacks in the future. If the enemy can hack into critical systems and obtain sensitive files then by God we need to have the best cyber force possible NOW.

The Obama government is once again apologizing — this time for not realizing how serious the cyberattacks would be. How many times do we have to go through this Bidenization of the Obamic defense plan?

that would open the way for retaliatory action.

Please you realize who we have in office right?

Mr obama aint gunna even open his mouth. WIMP!

When are we going to get those satellites that can monitor computer traffic in countries like North Korea, Iran, Russia etc and find the source of cyber attacks in real time?
Once we have confirmed the source, is there some way to effectively BLOCK it by satellite?

It sounds like we are responding well against this threat. Admitting that we are not prepared for such an attack is a good start to building a defense, and developing a good response to North Korea, should they try this again, or if hostilities were to resume, I’m sure NK would add this to their “go-date.” OK– Here’s something crazy.. We can put ads, and signs in space that can be viewed from the ground– and theoretically we could block the sun on spots of the earth. We should build it and take the sun from NK, and float a giant glowing American Flag over their eternal night sky. That would be a morale breaker to any people. We could do it if we wanted to.

The US Backbones face attacks against infrastructure daily… Most are blocked by tracing the source IP address then routing the subnet into nowhereville. The blocking has to be done on fiber connected routers. The blocked items are culprits (or unwitting zombies), so if Nork started the attack, those IP addresses would be the ones blocked (if not, then not in N.K.). It is all standard ops at the big commercial ISPs. A real cyber attack would take down the backbone and we would not be blogging :0)

My point is thus, this little attack warns us that we need to really prep for the worse ones to inevitably come from someone…

Yankee Medic, I don’t think you understand how the internet works. No satellite can monitor your Comcast internet usage because it is all hardwired, with the exception of maybe your wireless router, with a signal that can’t even get past your neighbors house, much less into outer space for a satellite to intercept. If someone is using SATELLITE internet on the other hand, then the capability to monitor that is nothing new.

This blip on the radar will give Obama a reason to spend billions on cyber defense. I see another Czar in our future.

How dare they slow down my connection! I couldn’t twitter for like 10 minutes! NUKE EM!!!

to tmac: LMAO! But really, if this had no effect or threat to national security then WTF is the big deal here. Government don’t need to be wasting more tax dollars to bail out privately owned companies, let them deal with the issues, if they can’t then get the hell outta the business. From what has been said here it boils down to nothing more than what Hackers have been doing to Microsoft for YEARS

Once again, children, it boils down to the vulnerabilities of Windows.

God…how many times do you have to be hit in the face with that to get it?

If Macs made up a significant portion of network assets they would be targeted — but they are insignificant.
