Hacking attacks work of individual group, not North Korea, says Finnish security expert


A major DDoS attack against US and South Korean government websites is not thought to be the work of North Korean interests, says a security expert

With all the bad press North Korea is getting lately, it's not surprising that many people are instantly pointing the finger at the isolated Asian country.

Sites reportedly targeted in the attack included the Washington Post, FTC.Gov and usauctionslive.com, among others. But while even the Associated Press was told by US officials that some of the IP addresses of the attacks were coming from North Korea, others aren't so sure.

F-Secure's Mikko Hypponen, who serves as the chief research officer and senior malware analyst for the Finnish antivirus software company, believes that the North Korean government's sabre rattling does not extend to the Internet, no matter how much news sites such as Reddit (through MX Logic) would have you believe.

"No, I don't think it's cyber warfare...this type of thing has been going on for the last ten years", Hypponen said.

Hypponen is referring to what is known in the security industry as 'reflection attacks' and says that these attacks occur because they allow individual groups who can't engage in front-line military or protest action to take part from the safety of the online arena.

Hypponen cited previous cases of politically-motivated hacking attacks. During the Balkan war of the 1990s, US Navy websites were defaced by protest groups critical of the American bombing attacks on Belgrade.

And at the start of the Iraq war in 2004, various British websites were also attacked as rogue hacking groups vented their frustration. In each case, the attacks were linked to individual groups acting alone and not foreign governments.

As well as North Korea, the old-school Mydoom worm has also been linked to the attack, but don't believe everything you read online. Hypponen isn't sure how the rumour got started, but he did note that somebody sent the anti-virus firms a list of code used in the attacks. Hypponen isn't even sure who sent the list.

On that list was the 5-year-old Mydoom variant, but F-Secure don't believe the malware worm had any real part to play in the attacks. Because Mydoom is written as part of C-source code, it's a commonly found worm online and not necessarily the one we should all be worried about.

It's hard to say if the world will ever find out who caused these attacks, said Hypponen.

"We probably won't ever find out", he told us.

F-Secure have images of some of the attacked websites in question.

