experts: Cyberstrikes originated from Britain

Experts have warned a recent wave of cyber-strikes that crippled thousands of computers could have originated within Britain rather than South Korea.

Security researchers in Vietnam say that the source of last week's attacks can be traced back to the UK. The Mydoom virus overwhelmed systems belonging to the US Treasury and the office of the South Korean president Lee Myung-Bak.

This is a contradiction to some earlier reports that the surge in attacks may have been coordinated from North Korea, a theory largely driven by intelligence reports presented to the authorities in Seoul.

"We have analysed the malware pattern that we received" said Nguyen Minh Duc, a director of Vietnamese security company BKIS, in a post on the company's blog. "We found a master server located in the UK."

The investigators said they'd discovered new details on how the strikes took place by investigating and tracing back the attacks.

Infected computers tried to contact one of eight so-called command and control servers every three minutes. These machines then gave instructions to the hacked PC - generally ordering them to direct traffic straight at victim websites, in attempt to overload them and force them to crash.

But these eight servers were being controlled by a single source, which evidence indicated was located somewhere in Britain.

"Having located the attacking source in UK, we believe that it is completely possible to find out the hacker," wrote Nguyen. "This of course depends on the US and South Korean governments."

However, government officials in South Korea are still trying to find out whether the strikes actually originated in the UK, or whether Britain was simply being used to screen the true location of those behind the attacks.

print this article

Return to internet news headlines
View Internet News Archive

Share with: