A report produced by internet security firm McAfee has concluded that the Distributed Denial of Service (DDoS) attacks on South Korean and U.S. that began on March 4th, 2011 were likely to have been an attempt to test the readiness to deal with such attacks on the part of South Korea.
The attacks, which lasted for ten days, were focused mostly on key South Korean government organs including the offices of President Lee Myung Bak and the National Intelligence Service, but also included attacks on elements of U.S. Forces Korea.
While the report, ‘Ten Days of Rain’, does not categorically assert that the attacks were conducted by North Korea, it does note that they “suspiciously align with North Korea’s agenda” and warns that in terms of sophistication and power, the final attacks were notably inferior to their potential for devastation.
“While the code and botnet architecture were advanced,” the report explains, “the attack itself was very limited and may have been utilized to test and observe how quickly the attack would be discovered, reverse engineered, and mitigated.”
It continues, “Armed with this knowledge, the aggressor could launch cyberattacks, possibly in conjunction with kinetic attacks, with a greater understanding of South Korea’s incident response capabilities. As such, the attackers could better understand their own requirements for a successful campaign.”
Speaking in more colloquial terms, it concludes, “The combination of technical sophistication juxtaposed with relatively limited execution and myopic outcome is analogous to bringing a Lamborghini to a go-cart race. As such, the motivations appear to outweigh the attack, making this truly seem like an exercise to test and observe response capabilities.”
The report also notes that it is highly probable that whoever was responsible for the March, 2011 attacks was also responsible for the July 4th, 2009 attacks on a range of targets in the United States and South Korea, including the U.S. Department of State.
