DDoS attacks on US and S. Korea came from U.K.

Sections: Computers, Security

submit to reddit

Although many previously thought that the distributed denial of service (DDoS) attacks last week originated in North Korea, the latest reports indicate that the source was actually the United Kingdom.

This is according to a study done by a Vietnamese computer security company, Bach Khoa Internetwork Security (BKIS). In a statement posted on the company’s website, senior security director, Nguyen Minh Duc, said that they managed to gain control of two of the eight servers involved in the attacks, and by doing so, were able to pinpoint the master server. That server has an IP address in the 195.90.118.x range, which is registered to Global Digital Broadcast in the U.K.

“Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker,” Nguyen wrote.

The attacks affected tens of thousands of computers and lasted a week. The U.S. Department of Transportation and Treasury was affected, as well as the U.S. Federal Trade Commission. In South Korea, the president’s home page, and the South Korean national assembly, as well as the US Forces Korea were hit.

Infected computers were used to send floods of requests to the attacked computers. The virus on the infected computers allowed the hackers to use them anonymously. One of eight servers were randomly selected every three minutes to connect and receive orders. It was through two of these eight servers that BKIS was able to discover the master server, although the company that owns that company was not able to be immediately contacted.

Most of the infected computers were in South Korea, followed by the United States, although there were also infected PCs in China, Japan, Canada, Australia, the Philippines, New Zealand, the U.K. and Vietnam.

Read: [Computerworld]

Print Friendly