Source of Cyber Attacks Originated From Britain
By Kim Tong-hyung
Vietnamese security experts claimed that the source of the cyber attacks that pummeled South Korea last week was located in Britain, a report Korean authorities confirmed as ``credible.''
Bkis, a Vietnamese agency that is a member of the Asian Pacific Computer Emergency Response Team (ACERT), said that about 166,908 ``zombie'' computers from 74 countries around the world have been used for the attacks that also hit the United States and other countries.
Bkis had been requested by KrCERT, Korea's computer emergency response team, to collaborate in analyzing the malicious software that was performing the massive distributed denial of service (DDoS) attack over four days until last weekend.
The Vietnamese agency analyzed the patterns of the malicious codes received from KrCERT and located the botnet, or software robots, controlled by eight command and control (C&C) servers via an embedded code. The group also found and identified the Internet protocol (IP) address of a master server located in Britain, which controlled all of the C&C servers to make the series of cyber attacks.
The Korea Communications Commission (KCC), the country's broadcasting and telecommunications regulator, backed Bkis report and said law enforcement authorities are currently seeking cooperation with the British government to investigate the attack source.
However, the findings by Bkis had some inconsistencies with reports from the Korean government about the malicious codes, which had been though to be operating autonomously without directions from a C&C server.
In a Bkis Web posting, Nguyen Minh Duc, Bkis' security director, said it was the first time that the existence of a master server has been reported.
``We don't know that the attackers were actually based in Britain, or mainly hacked a British IP address and used it for delivery,'' said an official from KCC's network policy bureau.