Another day, another cyberwarfare accusation

Graham Cluley
Graham Cluley: Hoekstra needs some new internet experts

Today it's Russia vs. Georgia. No, wait, I mean the US vs. North Korea.

Hang on, that could be the UK vs. the world actually...

My point is that every day another cyber espionage accusation rears its ugly head. In some ways it's almost like a playground scrap, with one country poking its tongue out at the other.

However, as with all confrontation, things often come to a head - and although no one admits that there is a 'situation' to contend with, suspicion often prompts some rather short-sighted reactions.

Take last week's outburst from Congressman Peter Hoekstra, the lead Republican on the House Intelligence Committee - he urged President Barack Obama to launch a 'show of force or strength' against North Korea, for its alleged part in a series of distributed denial-of-service (DDoS) attacks earlier this month.

Hoekstra wasted no time in telling The Washington Times' America's Morning News radio show that "it's time for America, South Korea, Japan and others to stand up to North Korea" by launching a retaliatory cyberattack or international sanctions. According to the Congressman, if action is not taken "next time they'll go in and shut down a banking system...or manipulate the electrical grid either here or in South Korea. Or they will try and miscalculate, and people will be killed."

If you're keen to hear the Michigan politician in full flow, you can listen here.

Zero evidence

Now, there's only one small problem with what Hoekstra says - it's complete nonsense. No evidence has been produced showing that the North Korean Government is behind the denial-of-service attacks.

Despite his claims, attacks like these don't need the backing of the state. The Congressman has failed to recognise that hackers can be based anywhere on Earth and can command a worldwide botnet to bombard websites with traffic at the touch of a button.

DDoS attacks are relayed through innocent people's computers all around the world, meaning that your Auntie Ethel's computer - which may normally be pumping out Viagra adverts - could today be engaged in a DDoS attack. In other words, innocent people's PCs may unwittingly be taking part in a cyber war.

Consequently, such circumstances make it very hard to prove that an attack is officially sponsored by a particular government or army, as opposed to a lone 16-year-old boy working in his back bedroom or a politically-motivated hacktivist with an axe to grind.

Unsurprisingly, this isn't the first time that 'tech-savvy' Pete Hoekstra has found himself the subject of a computer security debate.

The Congressman is well known in the cyber community for putting his own life (and the lives of those charged with protecting him) at risk after he carelessly Twittered his top secret itinerary whilst in a helicopter over Baghdad earlier this year. His actions clearly demonstrate that, in an internet age, it's no longer 'think before you speak', it's 'think before you tweet' or risk a national security crisis.

If Mr Hoekstra has been advised by internet gurus that these attacks definitely came from North Korea, then I would politely suggest that he finds himself some new internet experts.


Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley.