A key Republican lawmaker on Thursday urged President Obama to launch a cyber attack against North Korea, or increase international sanctions against the communist country, in the wake of an unknown hacker’s denial-of-service attacks on U.S. and South Korean websites.
Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a “show of force or strength” against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this week.
Hoekstra, speaking on the conservative America’s Morning News radio show, produced by the Washington Times newspaper, said that “some of the best people in America” had been investigating the attacks and concluded that most likely “all the fingers” point to North Korea as the culprit.
They’re reaching the conclusion that this was a state act and that “this couldn’t be some amateurs,” claimed Hoekstra, in direct opposition to what security experts have actually been saying.
He added that North Korea needed to be “sent a strong message.”
-------------------------------
Rep. Peter Hoekstra's idea of launching a cyber counterattack against North Korea sounds very knee-jerky and just plain wrong at this point.....
As Gadi Evron points out in his DarkReading article, it is silly to just look at the technical information (IP address, exploits used and malware family) and think you can determine who is behind a series of DDoS attacks.
Only with a complete analysis of all-source intelligence can you even begin to make an educated guess about who and where the attackers are based.
The private sector has a ton of very smart security professionals...but most don't have access to classified intelligence (HUMINT, SIGINT, etc)....and thus are making an educated guess with just the technical (network, malware analysis, etc) information.
Even with that in mind, some of those professionals aren't on board with pointing the finger @ North Korea just yet...
"The timing is auspicious, but none of the data I have suggests North Korea," Jose Nazario, a senior security researcher at Arbor Networks, told CSO earlier this week. Joe Stewart, director of SecureWorks' counter-threat unit, told Computerworld, "There's nothing in there to suggest that it's state sponsored."
Point Two
"Still zero evidence of North Korean involvement," said Stewart when contacted Friday for an update.
DDoS attacks are noisy....really dangerous and sophisticated cyber attacks are rarely noisy. In general, I would say attacks like Titan Rain and NASA's Avocado have the potential to damage our national safety & security much much more than any DDoS attack.
DDoS attacks are easy to detect, while that targeted attack against a power plant's SCADA is not. This type of attack could easily be a smokescreen for a much more serious targeted attack.
DDoS attacks aren't new...the corporate world has been dealing with these for years. DDoS attacks are a favorite among extortionists for example. The all-volunteer group formerly known as Castlecops put such a dent in cybercrime activities...that bad guys have been trying to DDoS them since 2006.
The methods of protecting against DDoS attacks are just as well known. Clearly, in this case...some sites were better prepared than others. According to the malware analysis conducted by the South Korean anti-virus firm Hauri (PDF)....many non-government sites were targeted.
Were these sites down for an extended amount of time? I wonder why?
Perhaps because they were better prepared for just this type of attack.
So perhaps instead of talking about a counterattack...the government should think about building a better defense overall.
Nick Shapiro, a White House spokesman, said that as of the night of July 7, all federal Web sites were back up and running and that the attacks “had absolutely no effect on the White House's day-to-day operations.”
"The preventative measures in place to deal with frequent attempts to disrupt WhiteHouse.gov's service performed as planned, keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected," he added.