Security software giant McAfee Inc. believes that the attacks on government websites in July 2009 and the more recent March 2011 attacks were part of a tactic to test the websites of South Korea. North Korea might have been behind the attacks.
The South Korean attacks are more dangerous than those against Apple, Fox News, and other companies that were harassed by LulzSec, Anonymous and script kiddies. It is true that some companies shut down their operations after an attack on their website, which costs them money. However, the attacks on South Korea’s websites are far more dangerous because the hackers carried them out as part of cyber war drills aimed at figuring out if the website could be used against their enemies.
Dmitri Alperovitch, vice president of threat research for McAfee Labs, said that the attacks on South Korea’s websites are more dangerous to national security than what the hacktivists have done to large firms. The attackers intend more than damaging a reputation, since they want to know the impact that a cyber weapon can have during a real war.
The hackers developed malicious software to do the job for them. The software overwhelms the website with a large volume of traffic until the server cannot handle it anymore, forcing the hosting company to shut down the website.
In a document released on Tuesday, McAfee claimed that the attackers worked with a virus that could install itself on a computer, turning it into a slave computer. The slave computer can then be used in any way the hackers want. The virus was released through a Korean file-sharing site and worked its way to different computers by infecting every computer that downloaded the program.
Once computers become slaves, they serve as a botnet, an army of enslaved computers. The hackers can then easily manage it with just a single command.
The botnet works in a rapid operation that could be done in just a few seconds. It is focused and has a single goal: finding the level of damage that it could do in just a short period.
To make it harder for researchers to detect them, the hackers instructed the virus to destroy every computer it infects 10 days following the March 4 attack.
This is not the behavior of a common hacker, who would want to use the enslaved computers in future web attacks. The hackers that attacked the South Korean websites wanted to clean their tracks. This way, it would be impossible for any security firm to come after them.