Hoekstra Calls for "Show of Force" in DDoS Attacks

According to Kim Zetter of Wired Magazine:

"Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a 'show of force or strength' against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this last week."

Hoekstra further claimed "the best people in America" believe the attacks originated in North Korea and that "this couldn't be the work of some amateurs".

In reality, security experts believe the DDoS attacks were the result of a derivative of the MyDoom worm - a malware choice that has amateur written all over it. First discovered in January 2004, the original MyDoom worm attempted to launch a DDoS attack against the SCO website, with a subsequent variant of the worm targeting Microsoft. Both attempts failed.

On July 3, 2009, attackers apparently edited the original MyDoom, modifying it to launch the DDoS attack against nearly 40 websites located in the U.S. and South Korea. The worm was then distributed to an estimated 20,000 computers in the AsiaPac region - the same region hit hard by the Microsoft zero day ActiveX exploit. These computers then began automatically (and constantly) sending malicious GET requests to the target websites.

On July 10 at 00:00GMT the infected computers then self-destructed. Code in the worm overwrote the hard drive, rendering the machines inoperable and the data largely unrecoverable.

Rather than make sweeping and unsubstantiated assumptions about the alleged perpetrators of the attack, it might better serve our country - and the Internet population as a whole - if lead politicians of the House Intelligence Committee hammered home the need for widespread adoption of antivirus software and leveraged sanctions against companies that allowed critical security vulnerabilities to go unreported and unpatched for over a year.