OK, so I've been rather sceptical about North Korea's cyber warfare capabilities. It's a tad hard to square news of elite cyber saboteurs with this crappy DPRK government website. But maybe I was wrong.
Over the weekend, North Korean-linked hackers carried out distributed denial-of-service (DDOS) attacks against US and South Korean government and commercial websites.The websites targeted included those of the US Secret Service and the White House, the New York Stock Exchange, and South Korea's Defense Ministry and National Assembly.
Tim Stevens, who blogs at ubiwar, was quoted as saying that "this type of 'denial of service' attack was designed to disrupt rather than penetrate a system to obtain data". Opinion varies about the scale and sophistication of the attacks. The Guardian described it as "a paralysing barrage of electronic cyber attacks", but this article claimed that the attacks were relatively unsophisticated and small-scale, involving 50,000 to 65,000 computers.
Another thing I've been sceptical about is the effectiveness of DDOS attacks. What's the big deal if a couple of websites are down for a day or two, right? But according to the Technology Liberation Front...
"The only real cost of an attack such as this one is writing an effective bit of malware that can spread itself around, compromise tens of thousands of machines, and allow an attacker to call on this army of unwilling silicon conscripts whenever it wishes. When viewed from the hundred-billion-dollar heights of nation-state budgets, this cost is essentially zero....
DDOS attacks are a cheap (hijacking is free), relatively hard to trace, and very effective way for a state or non-state actor to inflict meaningful economic losses on others."
Banks and companies carry out a lot of business via their websites. Increasingly, government departments are delivering core services through their web portals, like getting people to apply online for welfare benefits and grants. Even temporary disruptions can inflict big costs on businesses, departments and customers alike. This is a pretty good return on investment for hackers.
