That's the good news.
The bad news is that, as of yesterday, it looked like people in South Korea and elsewhere whose computers had been used by whoever planned the attack may be losing their data today.
An article in yesterday's PCWorld says that the bots that infected tens of thousands of computers were programmed to "encrypt user data or reformat the hard drive of the PC." (PCWorld)
What's a bit sad about this situation is that apparently the computer users could have kept the malware from getting into their machines, or fixed the problem, by installing and updating anti-virus software.
I've been "lucky" this time - my machine doesn't seem to be one of those affected. I also have anti-virus software installed that updates itself a few times a day, on average: along with a set of anti-malware packages that should pick up what the 'perimeter defenses' miss.
Independence Day 2009 Cyber-Attack: Lone Hacker? North Korea? Good Question
The attacks started July Fourth and affected prominent websites in South Korea and America, including:
- South Korea
- The top-ranked news website
- A leading online auction site
- Electronic banking portals
- The Ministry of National Defense
- The president's website
- The National Assembly's
- A site for the U.S. Forces in Korea
- Departments of Transportation, State and Treasury
- The White House (maybe)
- The New York Stock Exchange
- The Federal Trade Commission
"...In this case, the vehicle appears to have been a well-known software 'worm' that was reprogrammed -- and not particularly well, it seems -- for the task. Still, for all of its crudeness, the attack did work. In the U.S., some sites were down for as much as 24 hours. In South Korea, some remained crashed Thursday...." (ABC News)
The apparent lack of skill used in the attack could mean almost anything: that some kid with a computer decided to vandalize websites; or that a national agency somewhere wanted their attack to look like the work of a none-too-skilled loner.
An obvious culprit, from several points of view, is North Korea: but there's not much evidence to back up that assumption, it seems.
On the other hand, North Korea could be responsible for the recent attacks and the ones last year that came from servers in China.
We just don't know.
Hack Back? Maybe
An op-ed piece on the ABC News website, "Cyber-Terrorism and How We Should Respond," makes a valid point: almost all discussions of the latest cyber-attack that I saw take the same line as PCWorld's: the attack is the fault of the victims, who should have had better defenses.
There's some truth to that. Given the state of the Internet today, a robust anti-virus program, anti-malware programs, frequent updates and scans, and tight user protocols are necessary. If you don't want to have your computer in the shop at frequent intervals, at any rate.
But there's a problem with thinking strictly in terms of defense against attacks. Several, I think. The ABC News op-ed recognizes one:
"...The awful irony to all of this is that, having spent a generation now figuratively patting hackers on the heads for their crimes and telling them not to do it again, we seemed to have put ourselves into the trap of treating all such assaults as a form of victimless crime, a kind of practical joke perpetrated by people with more brains than sense...." (ABC News)
So far, so good. I don't think that a purely defensive posture is a good idea, except maybe on paper.
The author uses the homeowner comparison, pointing out that a determined thief, given time and tools, can get into any house: no matter what sort of security the owner has in place.
And, the op-ed offers a solution:
"...At what point do we decide that such assaults on our sovereignty, our institutions and our fellow citizens are unacceptable? When do we get out of our defensive crouch and actively go after governments that are attacking us through cyberspace? Will it be after a Web Pearl Harbor catches us by surprise and crashes our financial markets -- or kills thousands of people trapped in computer-controlled transportation systems run amok, or in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators?
"And long before then, why can't we respond to such an attack by a foreign government not with bombs or missiles, but by crashing that country's digital infrastructure? The worm turns, so to speak.
"Or will we decide once again that the fault was our own, that the perpetrators can't be identified anyway, and that what we really need are more robust cyber-security systems -- and pray that the next attack doesn't kill us, too?" (ABC News)
Something along those lines might work.
But, emotionally satisfying as the idea is, I think that retaliation - even assuming that, say, North Korea's leaders are responsible for the latest attack - using the same form of attack would run the risk of killing "...thousands of people ... in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators...." Without seriously affecting those responsible.
I rather hope that the author does not propose that the CIA hack into tens of thousands of computers across the globe for the purpose of overloading North Korea's websites.
An alternative to releasing malware and hoping for the best (I know: that's a bit unfair) would, I think, be to block servers from suspect countries from communicating with other servers in the rest of the world. With my limited understanding of the Internet, that wouldn't affect critical systems in the target country - apart from being isolated from services which provide time, weather, and other data - and would limit the effectiveness of future attacks to what they could physically move across the border.
It would be nice to have a world where most countries have stable economies and governments whose leaders have a vested interest in keeping their countries on good terms with others. That will make enforcement of reasonable legal sanctions against hackers possible.
Meanwhile, here in the real world, I think conditions even remotely resembling those are generations away. At best.
Bottom line: the ABC News op-ed has an important point. People whose computers are hacked are only a small part of the problem. Those who originate the attack need to be stopped: and a strictly defensive posture won't stop them.
- "Tiananmen Square 20th Anniversary: A Losing Battle for Traditional Information Gatekeepers"
(June 3, 2009)
- "Pentagon Computers Hacked - Joint Strike Fighter Project Data This Time"
(April 21, 2009)
- "Cyberspy Network Hacked 103 Countries' Systems"
(March 29, 2009)
- "Marine One Plans in Tehran - File Sharing Software and Sloppiness"
(March 1, 2009)
- "McCain Campaign BlackBerrys Sold at Bargain-Basement Prices - Confidential Data Included: What's the Matter With People These Days?!"
(December 15, 2008)
- "Worm Spreading Fast in Pentagon Computers: (not) in the News"
(November 21, 2008)
- "Pentagon Hacked, Removable Media Banned: Cyberattack Hits American Military"
(November 20, 2008)
- "International Monetary Fund Allegedly Hacked - And It's Not News"
(November 14, 2008)
- "White House Computers Hacked, Probably by China: News That's Not Fit to Print?"
(November 9, 2008)
- "World Bank Under Cyberattack? Surprise!"
(November 2, 2008)
- "World Bank Group Network Hacked; Chinese IPs Used: Just What We Need"
(October 10, 2008)
- "DC Gun Ban, Online Censorship, Individual Rights, and Power to the People"
(June 27, 2008)
- "The War on Terror? This May be The War For Freedom"
(March 18, 2008)
- Consumer electronics from China arrive pre-infected
- "Deterrence in Cyberspace: This Just Might Work"
(March 18, 2008)
- "FISA, the Patriot Act, and the Protect America Act: Who's Protecting Whom from Whom?"
(March 13, 2008)
- "PAA is Poo, and Kaput: Or, Who Should Congress be Protecting Americans From?"
(February 23, 2008)
- "Hacked Police Website: Get Used to This"
(February 21, 2008)
- "It's Not Both Sides: It's All Sides"
(September 4, 2007)
- "SKorea says attackers used IP address in 5 nations"
The Associated Press (July 10, 2009)
- First 13 and last four paragraphs are identical to an article appearing in Sydney Morning Herald July 8, 2009: paragraphs 14, 15 and 16 appear to be new material.
- "Cyber-Terrorism and How We Should Respond"
ABC News (July 10, 2009)
- "Korea DDOS Virus Mission Shifts to Destroying, Erasing Data"
PCWorld (July 9, 2009)
- "SKorea says attackers used IP address in 5 nations"
Sydney Morning Herald (July 8, 2009)
- Re-published July 10, 2009, by AP, with three additional paragraphs.