

Was UK source of massive denial of service attack on US? - monkeygrinder
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=15693

======
E5Rebel
Story says the source of the attacks was Uk. That is a fair comment. the UK
should have sufficient control to prevent ISPs and datacentres in its
geography launching this sort of attack, regardless of who commissioned it in
the first place. It is perfectly feasible that the attack was bought 'off the
shelf' - but it is important ot find the site from which the attack was
launched, as well as the ultimate controllers. Remember McCollo?

------
ErrantX
The title is misleading; the source might be a UK based server but actually
that would suggest to me it is entirely unlikely that the _attackers_
originate from the UK

It's not hard to buy servers in the UK from abroad - and doing so is sensible
(and these crackers seem sensible) because it is one extra layer of security
:)

~~~
monkeygrinder
Good point, the attack has been traced back to an IP address in the UK. At
this point they don't know the actual source, but authorities are
investigating all possibilities. That raises a whole other conversation about
law enforcement in UK and whether it has the skills or resources to aid
investigation.

~~~
ErrantX
It does ;)

(disclaimer: I work in the UK doing computer forensics)

Actually no that is nto true - it 100% depends on who's jurisdiction it comes
under. Some authorities are _superb_ on the technical abilities, others are
somewhat clueless.

------
onreact-com
"The results contradict assertions made by some in the US and South Korean
governments that North Korea was behind the attack. Security analysts had been
skeptical of the claims, which were reportedly made in off-the-record
briefings and for which proof was never delivered."

Exactly. As I said before claiming NK did it is utter nonsense. They don't
have the resources for it.

~~~
ErrantX
I've met North Koreans who are reasonably savvy crackers.

Similairly there are a few rich NK's with the resources to purchase a bot net
from a russian gang.

This attack isnt rocket science (either in ability or cost).

~~~
onreact-com
Did you actually read the article? They traced it to the UK.

~~~
ErrantX
Quote:

 _through this has been able to discover the master server.

That server has an IP address in the 195.90.118.x range, Nguyen said.

The address is registered to Global Digital Broadcast in the UK. _

The _server_ is in the UK. That means nothing (believe me - this is my job
:)).

~~~
onreact-com
At least they traced something. The other guys just said it's NK without even
testing.

