A new detailed McAfee report (.pdf) offers a look at the botnet responsible for a DDoS attack on South Korean websites in March, and in a nutshell, its technical sophistication screams "state-sponsored cyberattack." As part of the attack, an embedded self-destruct sequence was hard-coded to initiate after 10 days, deleting selected files in a way that renders standard data recovery techniques unworkable, while a parallel thread forces a reformat by overwriting the start of every physical drive with zeros. Few cybercriminals would go to such lengths to assemble a botnet only to render every node inoperable after 10 days.
The economic damage game
Conventional notions of cyberwar have in the past evoked fantastic (and often implausible) notions of power plants simultaneously shutting down, nuclear reactors abruptly going critical, bogus orders being issued to military units or even traffic lights flashing amok. While these scenarios do conjure up frightening images, I think McAfee's analysis underscores how cyberattacks are more likely to be mounted on the cheap, using hijacked computers. One key factor that deters countries from escalating military conflicts is the specter of steep economic costs. But what if you could inflict losses--economic ones--on an opposing state by means of DDoS attacks against a stock exchange or important commercial entity, or by bringing down key routers that support a country's Internet infrastructure? Confidence can be eroded by continually shutting down important government websites, or conducting propaganda campaigns via spambots--any action that makes the government look powerless. Plus, the appeal of a cyberattack is heightened by plausible deniability (it's tough to prove culpability) even as real economic costs are piling up for the enemy. In contrast to the obvious evidence of artillery shells and exploded bomb fragments, cyberwar could well be the low-risk weapon of choice to punish an enemy nation.