South Korea Backtracks On China As Source of Cyberattack 125
hackingbear writes "The suspected cyberattack that struck South Korean banks and media companies this week didn't originate from a Chinese IP address, South Korean officials said Friday, contradicting their previous claim. The Korea Communications Commission said that after 'detailed analysis,' the IP address used in the attack is the bank's internal IP address — which is, coincidentally identical to a Chinese ISP's address, among the 2^32 address space available."
I... don't understand this at all. (Score:4, Interesting)
On my home network, I use the private 24-bit block 10.x.x.x, in case I buy more than 16 million devices. Is the article saying that they decided to map public IPs they didn't own to internal devices? Notwithstanding the confusion such cases like the above would cause, this bank could conceivably leak banking data out to that Chinese ISP!
All the articles I can find are equally uninformative.
Mod SK up! (Score:5, Interesting)
How Mani other countries would admit this instead of just continuing to blame the big bad boogyman?
Re:I... don't understand this at all. (Score:2, Interesting)
If I were to guess, the bank had an old assignment and used the addresses internally. Then they gave up the assignment and the addresses were reallocated to somebody in China, but the bank continued to use their assigned addresses internally.
Re:Hanlon's (Score:5, Interesting)
I agree that it seems insane that a major bank would do this, however I've seen it in practice. A very major financial firm (who shall remain nameless) that I did some work for actually uses the public IP address range of the US dept. of defense as their internal IP space. It's never caused them any problems - since there's no need for them to connect to the US military, but it definitely left me and several colleagues scratching our heads when we first started looking at the network.
Re:Hanlon's (Score:4, Interesting)