DOD Attacks Renew Fears

Opinion: Speculation swirls about cyber-terrorism potential.

It's been more than a decade since the first breathless warnings were issued from Seoul: According to South Korean information security experts, the hard-line communists of North Korea in 1994 were busily training a cadre of superhackers at the totalitarian state's Automated Warfare Institute.

The South Koreans dubbed the school Mirim College, saying that techno-warfare was of particular interest to North Korean leader Kim Jong Il. The North Koreans would almost certainly team with a better-established and more technologically advanced partner in their efforts, it was predicted. In the immediate wake of the warnings, South Korea and its Western allies waited for the cyber-attacks to begin.

They never did. Many in the business of computer security have pointed out that it seems unlikely that a country that has difficulty keeping its lights on and its populace fed would pose much of a threat to critical technology infrastructure. Mirim College still gets the occasional reference in the Korean tabloid press, but the lack of any substantial malicious activity took much of the edge off the fear of an organized corps of trained enemy hackers.

That was until late last week. A mix of reports and rumors began swirling about persistent and substantial attacks on U.S. government computers, especially the more than 5 million machines at the Department of Defense, coming from computers within North Korea's last significant communist ally, China.

No classified systems have been compromised in the attacks, which have been going on for at least two years, government officials said. They've even given the attacks a code name: Titan Rain. Published reports say the FBI has opened an investigation into the attacks, although FBI officials decline to comment.


Still, experts in and out of the government disagree on who the real culprits are and what their motives might be. While hackers of any stripe might take advantage of the huge number of unprotected and untraceable machines in China to mask their work and its origins, a handful of experts are whispering that the assault on U.S. IT assets might be the organized work of state-sponsored cyber-terrorists.

According to the Pentagon's recent Annual Report on the Military Power of the People's Republic of China, the communist nation's CNO (computer network operations) "include computer network attack, computer network defense, and computer network exploitation."

"[China] has likely established information warfare units to develop viruses to attack enemy computer systems and networks," according to the report.

The Chinese government has issued stern denials in the wake of the report, but the ongoing attacks on the DOD's networks, especially considering their Asian origin, beg the question: Has a graduating class of North Korean hackers begun working through China, as the South Koreans predicted 11 years ago?

According to officials in Seoul, there should now be between 600 and 1,000 elite hackers—chosen from among the North Korean Army's brightest—with skills that range from virus writing to compromising networks to thwarting weapons guidance systems.

As South Korean analysts have always known, the North Koreans have the skill, even if they lack the infrastructure themselves to do much cyber-damage. The North Korean .kp top-level domain remains barely used, and the handful of active North Korean Web sites are hosted mostly in China. North Korea does have a fairly robust government intranet, however, and its software developers have become skilled enough to engage in outsourcing work for South Korean and Japanese enterprises.

So, the recent rash of cyber-attacks on our government networks could indeed be the work of the North Koreans, with or without the help and knowledge of the Chinese. If so, the best defense for the United States is probably a good offense. Trying to talk Kim Jong Il out of such efforts would be fruitless, but negotiating with the hackers' Chinese hosts, who are now seeking improved, trusted relations with IT outsourcers here, would seem to be the best way to stem the flow of hack attacks, no matter where the perpetrators learned their trade.

Executive Editor/News Chris Gonsalves can be contacted at
