I was wondering at first whether the USFK site was hit by the North Korean hackers or not, but the site only appears down now because it can only be accessed on a DOD network currently:
The cyber attack that overwhelmed a variety of government Web sites in the United States and South Korea has had no effect on U.S. Forces Korea operations, USFK spokeswoman Col. Jane Crichton said.
“We continue to protect networks and remain vigilant as we routinely do,” she said in a statement issued Thursday. “In the interest of security, we don’t discuss specific operations.”
USFK’s Web site appeared to be down Thursday, and Korean news organizations reported that it had been a victim of the cyber attack.
However, Hwang Mi-kyung of Ahn Lab Inc. — a South Korean security solutions company — said those reports were wrong and the cyber attacks had not affected U.S. military Web sites in Korea.
Ahn Lab security specialists said publicly that more cyber attacks on South Korean Web sites were expected, but Hwang said there was no way to predict whether U.S. military sites might be hit.
Lt. Col. Jeff Buczkowski, spokesman for the 8th U.S. Army, echoed Crichton’s comments in saying that operations had not been affected.
“The [U.S. Department of Defense] information grid is scanned millions of times daily, but we continue to remain vigilant and protect our networks,” he said. [Stars & Stripes]

9:01 pm on July 12th, 2009 1
My limited understanding is that the attack was based on the variant of a previously known worm and not terribly sophisticated. No damage was reported on US government sites, perhaps with the exception of denial of use for outside sources. The biggest losers would be government sites that do not routinely update against viruses.
July 13th, 2009 at 4:03 am
A denial of service attack is not an internal attack, such as having your system infected by a worm or virus. It’s an external attack where your gateways are bombarded with requests from thousands of outside computers simultaneously and incessantly. The system becomes overwhelmed and cannot process legitimate requests.
The most common defence is to tell your systems to ignore traffic from the suspect sources. When you can’t narrow down the sources of the attack, then you only accept requests from your own trusted domain. In the case of USFK, that trusted domain is the .MIL
Generals LaPorte and Bell used to have their kachi kapshida on USFK.mil where they had a dialogue with the Korean public published in hangul. If that is no longer part of the USFK mission, then I guess USFK is telling the truth and shutting down public access as a precaution during the attacks is not a mission impact.