On March 4th, over forty websites, including those of major governmental institutions such as the Presidential office, the National Defense Ministry, and the National Intelligence Service, as well as private enterprises such as Kookmin Bank and Naver, were hit with Distributed Denial of Service (DDoS) attacks. These websites are still dealing with and recovering from the attacks. On March 6th, our reliable source implicated North Korea as the originator and perpetrator of these attacks. Our source is a high-ranking North Korean government official, and is the same source who gave us warnings and information regarding previous DDoS attacks.
The source had investigated the earlier DDoS attack of July 7th 2009, when over twenty-five major websites, including those of the Blue House and the White House, were paralyzed. Through that investigation, the source compiled an account of the purpose and method of the DPRK’s DDoS attack and revealed pertinent evidence regarding it. The source confirmed that, as of March 2011, at least 100,000 infected “zombie” computers are still in operation as vehicles for DDoS attacks. These “zombie” computers are the remnants of the estimated 300,000 computers which were used in the July 2009 DDoS attack.
The source added that, because the infected laptops from which the DDoS attacks originate are destroyed after they transmit an attack, it is extremely difficult to trace or confirm the exact location from which these attacks originate.
The source also noted that the malicious code used in the DDoS attack is stored on computers’ hard drives (within their Start program) and is activated when the infected computer boots up. Computers suspected of being infected should therefore be handled with extreme caution in order to avoid triggering more DDoS attacks that indiscriminately target susceptible websites. According to the source, computers running Windows XP are at highest risk for infection.
The source emphasized that, because illegal gaming sites hosted on Chinese servers are used as the primary route of infection, any computer which has run gaming programs through these websites could potentially become a “zombie” computer that could pass on the infection and additional DDoS attacks.
This source is highly credible. In May of 2009, before the July 2009 DDoS attack took place, this same source passed us information predicting that North Korea would launch a cyber attack in the immediate future.
Body Corporate North Korea Strategy Information Service(NKSIS)
Publisher: Yun-keol, Lee Editor: Jun-woon, Lee
Copyright ⓒ 2011 North Korea Strategy Information Service(NKSIS). nksis.com. All rights reserved