North Korea has been conducting “drills” for cyberwar against its southern neighbor using simple but very effective denial-of-service attacks, according to security experts.
A team from McAfee looked into the attacks on South Korean internet networks in July 2009 and March this year, and concluded they were probably efforts by North Korea to test cyberwar weapons.
Those weapons are blunt and crude, but they work.
First, the attackers built a botnet – an army of slave PCs – by luring people to download free stuff from a popular file sharing site. Lurking inside the downloaded files were trojan horses, designed to install code on the hapless PCs and tie them to the botnet.
Later, when the command came from above, every single machine in that network would flood certain South Korean websites with requests, effectively bringing them down. That’s what’s known as a distributed denial-of-service attack, or DDoS.
It’s a tactic that’s been used time and again by everyone from governments to script kiddies. There was a degree of ingenuity in this attack though – the botnet was built quickly, used, then told to destroy itself.
The question to ask is: if large chunks of the web go offline for a day, or for a week, how much resilience is there to cope using alternative methods of communication? If the answer is “not much”, then you start to get an idea of how effective a weapon this sort of stuff can be.