10 comments

[ 5.2 ms ] story [ 43.3 ms ] thread
The title is misleading; the source might be a UK based server but actually that would suggest to me it is entirely unlikely that the attackers originate from the UK

It's not hard to buy servers in the UK from abroad - and doing so is sensible (and these crackers seem sensible) because it is one extra layer of security :)

Good point, the attack has been traced back to an IP address in the UK. At this point they don't know the actual source, but authorities are investigating all possibilities. That raises a whole other conversation about law enforcement in UK and whether it has the skills or resources to aid investigation.
It does ;)

(disclaimer: I work in the UK doing computer forensics)

Actually no that is nto true - it 100% depends on who's jurisdiction it comes under. Some authorities are superb on the technical abilities, others are somewhat clueless.

"The results contradict assertions made by some in the US and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered."

Exactly. As I said before claiming NK did it is utter nonsense. They don't have the resources for it.

I've met North Koreans who are reasonably savvy crackers.

Similairly there are a few rich NK's with the resources to purchase a bot net from a russian gang.

This attack isnt rocket science (either in ability or cost).

Did you actually read the article? They traced it to the UK.
Quote:

through this has been able to discover the master server.

That server has an IP address in the 195.90.118.x range, Nguyen said.

The address is registered to Global Digital Broadcast in the UK.

The server is in the UK. That means nothing (believe me - this is my job :)).

At least they traced something. The other guys just said it's NK without even testing.
Btw. how do you actually meet North Koreans? It's not like they are allowed o travel everywhere. Also usually people aren't let into NK and even if they do visit the NK the secret police is following every step.
Story says the source of the attacks was Uk. That is a fair comment. the UK should have sufficient control to prevent ISPs and datacentres in its geography launching this sort of attack, regardless of who commissioned it in the first place. It is perfectly feasible that the attack was bought 'off the shelf' - but it is important ot find the site from which the attack was launched, as well as the ultimate controllers. Remember McCollo?