On July 5, McAfee, a leading internet security company, released a report
On July 5, McAfee, a leading internet security company, released a report “10 Days of Rain,” analyzing the malware that infected thousands of computers used against South Korean websites in March 2011.
McAfee concludes that the diverse cryptographic tools, the sophisticated use of botnets, the “sledgehammer” nature of the attack, and the fact that nearly all of its targets were in South Korea suggest that “this may have been a test of South Korea’s preparedness to mitigate cyberattacks, possibly by North Korea or their sympathizers.”
When looking at this report, it is important to remember that there is little credible information about North Korea’s cyber capabilities, and that many conclusions about the 2011 event (or the earlier 2009 event also ascribed to North Korea) must rely only on forensic evidence from the malware used in the incident itself. While this evidence is important, it is not at all conclusive about the authorship of the exploit. North Korea has made some technological advances in recent years, but the 2011 botnet may have been beyond their capabilities. That said, we know that cyber attack capabilities are becoming a normal part of military arsenals, and that North Korea has been trying to acquire indigenous cyber capabilities for years.
The source of the 2011 exploit remains a mystery, but it is no mystery that South Korea quickly needs to improve its defenses. The 2011 incident could have been very disruptive, as McAfee points out, if its full capability to erase data and cripple networks had been used.
North Korea is probably more tuned in to the internet and its power than any other country. Kim Jong-Il leads the world to believe that North Korean citizens have no access to the internet but he probably has millions of them in buildings hacking sites and creating computer viruses!!