A Vietnamese security researcher said they discovered the IP address of the master server which was used in attacking the United States and Korean government agency.
Bach Khoa Internetwork Security (Bkies), a Vietnamese agency, is a member Asian Pacific Computer Emergency Response Team (ACERT) and had been requested by KrCERT (Korean Computer Emergency Response Team) to cooperate in analyzing the malware that was performing DDoS attacks on websites of South Korea and the US.
After the careful evaluation and pattern studies, the agency found a master server which controls 8 command & control servers to make a series of cyber-attack.
We have fought against C&C servers and have gained control of 2 in 8 of them. After analyzing the logs of these 2 servers, we discovered the IP address of the master server, which is 195.90.118.xxx. This IP is located in UK. The master server is running on Windows 2003 Server Operating System, said Nguyen Minh Duc Senior Security Researcher / Bkis Security Director.
Bkis has sent the detail of research and the information of the master server in UK to US-CERT and KrCERT.
BKis said that it is now possible to find the hacker behind the US, Korea DDoS attacks but the agency reiterated that it will depend on US and Korean governments.
The Korean authorities confirmed the report as credible according to the Korea Times report.
The Government of South Korea law enforcement authorities are now doing its best to coordinate with the British government to investigate the attack.