PCWorld is reporting that the distributed denial-of-service attacks against U.S. and South Korean government web sites was commanded from one controlling server, not in North Korea, not in South Korea, not in the UK, but rather Miami, Florida, U.S.A.
Yesterday, researchers at a Vietnamese security firm said they’d traced the command-and-control server that directed the attacks to an IP address used by Global Digital Broadcast of Brighton, England. The company provides IP television.
Further investigation revealed that the actual C-and-C machine is owned by one of Global’s partners, Digital Latin America, and is on a virtual private network connected to Global’s network in the U.K., but is physically in Miami, Fla. Digital Latin America encodes television programming for IP TV devices.
The attacks, which began the first week of this month, involved that controlling computer and eight other machines that sent periodic commands to a botnet of 167,000 compromised machines around the world.
Story here.
Tom Kelchner