Jump to Comments

More insights [translated] are coming out from the Korean side on the virus behind the ongoing July 4th DDoS attacks, including a full target list, and partial dissection of the tools being used.  There’s a lot more to that target list than meets the eye.

In a word, the targeting choice in the American and Korean case seems schizophrenic, and at best poorly planned.  In Korea, the targets represent a rather well-informed and comprehensive attempt to disrupt three major sectors of Korean society: political (Blue House, Defense and Foreign Ministries); economic (major banks); and social (news outlets and, critically, Naver.)  The Korean targets represent a neat, disruptive bundle: they are well-selected for symbolic value and volume of usage.

The American targets, by contrast, look like they were chosen by a fifth-grader fresh out of Civics.  One can see how thematically, they roughly parallel the Korean sites; political, defense, banking and social sites are all represented–but poorly.

Some anomalies: in banking, why target USBank, and not the far more significant Bank of America?  Why usauctionslive, not eBay?  And why the Department of Transportation, or the US Postal Service?  It seems an awful lot of digital firepower is directed at somewhat haphazardly-selected sites.  After all, DDoS attacks, like anything else, have finite resources–in the form of bandwidth and phony data it attacker can send.

The July 4th attacks might at first glance seem to be targeting many more American sites, but they’re poorly selected, and thus achieve much less than did the attack on Korean servers. Whoever is behind them either had something very specific in mind, or needs far better practice in the art of targeting, at least when it comes to American sites.  More to follow.

(For the interested: full target list after the jump.)

Korean Targets:

Financial & Commercial:
- Banking.nonghyup.com (bank, internet banking)
- Ebank.keb.co.kr (Korea Exchange Bank Internet Banking)
- Ezbank.shinhan.com (Shinhan Bank, Internet Banking)
- Www.auction.co.kr (Auction site)

Government & Defense:
- Www.president.go.kr (Blue House)
- Www.mnd.go.kr (Defense)
- Www.mofat.go.kr (Foreign Minister)
- Www.usfk.mil (U.S. Forces, Korea [Deployed across the 38th parallel])
- Www.hannara.or.kr (Grand National Party, the current ruling party)

Social & News:
- Blog.naver.com (Blogs on Naver, Korea’s largest internet ‘portal’)
- Mail.naver.com (Naver Mail)
- Www.chosun.com (Chosun Ilbo)
- Www.assembly.go.kr (Republic of Korea National Assembly)

U.S. Targets:

Financial & Commercial:
- Finance.yahoo.com
- Www.nasdaq.com
- Www.nyse.com
- Www.usbank.com (but not Bank of America, far larger)
- Www.usauctionslive.com (?…and not eBay?)
- Www.marketwatch.com
- Www.amazon.com

Government: Defense/Security Agencies:
- www.dhs.gov
- www.nsa.gov
- Travel.state.gov
- Www.state.gov
- Www.defenselink.mil

Government: Other Agencies:
- Www.whitehouse.gov
- Www.usps.gov (?!)
- Www.ustreas.gov
- Www.dot.gov (?)
- Www.faa.gov (?)
- Www.ftc.gov

“Social” (rough analogy) & News:
- Www.voa.gov
- Www.voanews.com
- Www.yahoo.com
- Www.washingtonpost.com
- Www.site-by-site.com