10 April 2013

News Story: Cyber Sparks Flying in Korean Powder Keg


By ZACHARY FRYER-BIGGS

WASHINGTON — The problem with cyber attacks is that victims all too often face a complex maze when trying to find the source of the strike, leading to months of digging for few conclusive answers. But in the environment of grandiose nuclear threats and escalating hostilities on the Korean Peninsula, both sides seem to be trying a new tactic: blame first, figure it out later.

The 'less than thorough' approach may provide consolation for those seeking an immediate target but could spell disaster for a pair of countries so close to full-on conflict, and plagued by cyber shenanigans, including those from hacktivists making political points.

In the past, difficulty attributing attacks to a state or specific group has stayed the hand of nations looking to respond and complicated diplomatic relations as those responsible hide behind the relative anonymity of connected networks. But in the case of North and South Korea, that uncertainty is providing cover for each party to blame the other for recent attacks that may not have been perpetrated by either.

A day after the attack that disabled 32,000 computers in South Korea on March 20, the country’s Korean Communications Commission pointed the finger at an IP address in China, a clear implication that the North Koreans were to blame, analysts said. North Korean groups have used Chinese IP addresses to conduct attacks in the past. The next day the commission retracted its statement, saying it had misidentified an IP address that was actually from one of the banks that was targeted.

The North Koreans, having experienced a series of distributed denial-of-service (DDoS) attacks throughout March, haven’t hesitated in placing blame either.

“It is as clear as a pikestaff who mounted the cyber attacks as it was timed to coincide with the nuclear war exercises staged by the U.S. and South Korean warmongers against the DPRK [Democratic People’s Republic of Korea],” the government-run Minju Joson newspaper published March 20.

In reality, the North Koreans have been beset by attacks from hacktivist groups, including the compromise of social media accounts April 4, and the exact source of the DDoS attacks is still unclear, although the group Anonymous has taken credit. And while the attack on South Korean computers bears a more-than-passing resemblance to the Shamoon virus that effectively took down thousands of systems at the Saudi state-owned oil company Aramco, the source is still unknown.

Read the full story at DefenseNews