International fingerpointing in the recent cyber attacks against U.S. and South Korean websites has widened to include Great Britain, as researchers examining the attacks trace them to a server in the United Kingdom.

But the British company that owns the server says it, in turn, traced the attacks to a VPN connection originating in Miami, Florida.

With hawks in Congress and the press urging President Barack Obama to launch an all-out cyber war in retaliation for the website outages, things are looking bad for the Sunshine State. Though it should be noted that the Miami connection was likely just another proxy used by the hacker, who could be based in the U.S. or anywhere else.

Researchers at Bkis Security in Hanoi, who reported findings about the British server on their company's blog, say that the denial-of-service attacks that struck more than three dozen government and commercial sites last week were launched from more than 166,000 computers in 74 countries controlled by a server in the UK. The IP range for the server is 195.90.118.xxx, which is registered to Global Digital Broadcast, which streams digital TV content from Latin America to consumers.

A company representative was unavailable for comment.

But in a July 14 press release, the company indicated that it had traced the attacks to a VPN connection from Miami controlled by Digital Latin America, a Buenos Aires-based company with a facility in Florida that provides technical services to providers of digital content.

According to the post, the Digital Latin America connection was set up as "an exploit finder," presumably used by the botnet herder to rustle up vulnerable computers to use in the attack.

A spokeswoman for Digital Latin America confirmed that Global Digital Broadcast contacted the company Tuesday morning about the role its network may have played in the attacks. Amaya Ariztoy, general counsel for Digital Latin America, said that the server allegedly used for the attack provides streaming services to a third company that provides digital content, which in turn transferred the signal to Global Digital Broadcast in the UK.

"We're investigating and cooperating with authorities," Ariztoy said, while noting that the company had not yet been contacted by any authorities investigating the issue.

Bkis, which is a member of Vietnam's Computer Emergency Response Team, was asked to investigate the attacks by South Korea's Computer Emergency Response Team.

They found that zombie computers used in the cyber attacks were located around the world, primarily in South Korea, the United States, China and Japan, and were part of eight different botnets. U.S. researchers had previously estimated that systems used in the attack numbered around 60,000.

The Bkis researchers found that every three minutes the infected computers randomly contacted one of eight servers to receive instructions. After gaining control of two of the botnet command and control servers, the researchers examined their logs and discovered that they were in turn contacting the master server in the UK, which was running a Microsoft Windows operating system.

[Updated with response from Digital Latin America.]

Photo: US Air Forc

See also: