Shields Up!: Global cyberattack investigation leads to…Miami?

When a large scale cyberattack began hitting the United States and South Korea over the July 4th weekend, the accusations and speculation regarding who was to blame began flying. South Korea insisted North Korea must be to blame. The U.S. wondered if it was the work of Russia or maybe China. Researchers claimed to have found the master control server in the U.K. So who is really to blame for the attack, which is still not over?

Well the specific individuals are still unknown, but the actual server responsible for controlling the botnet that carried out the attacks was found right here in the U.S. Miami to be exact, in the data center of a Latin American broadcasting company.

Authorities say the command and control server controlled over 160,000 infected computers, called zombies, in 74 countries. The computers were most likely infected via a malware infested website they unwittingly visited. The botnet sent new instructions to the zombies every three minutes. In this case the zombies were instructed to flood specific government and business websites with useless queries, causing slow downs and in many cases crashes.

This is called a DDoS (Distributed Denial of Service) attack. By tying up a site’s bandwidth it denies use of the site to legit visitors. The results are similar to what happened when Michael Jackson died and people flooded news and social networking sites. Those sites became slow to load and some actually went down all together. The difference is that happened because of a legitimate spike in traffic.

Why would someone want to carry out a DDoS attack? It’s a purely malicious act. Sites that are victimized by a DDoS attack are not hacked or compromised in any way, and no data is stolen. They are just made unusable. The exception to this is a severe attack known as a PDoS (Permanent Denial of Service) attack. In this type of attack security flaws in the remote management of the victims hardware are exploited and allow the attacker to send corrupted software to them, rendering them permanently damaged or “bricked.”

The attack against the U.S. and South Korea affected and in some cases took down every major government website as well as major business sites such as the New York Stock Exchange and Bank of America. That our government can’t protect its own sites against cyberattacks is pretty embarrassing and a little scary. President Obama may well be the most tech savvy president in history but he’s got a lot of work to do if we are going to be able to fend off the growing problem of cyberattacks and cyberwarfare.