North Korea steps forward as new cyberwar villain

March DDOS against South Korea may have been dry run for real attack


All the communications were encrypted – often with different algorithms, to make commands and authentication codes harder to track and subvert.

The best part – the Bond's-visit-with-Q part of this particular movie – is that the botnets would drive the DDOS attack for as long as 10 days, then self-destruct to avoid capture.

On a pre-set schedule, the malware deleted many of its own critical files, then corrupted the master boot record of the host PC's hard drive to make the disk unusable and the files difficult to recover even with forensic software, according to an IDG News Service analysis of the report.

Cool, huh?

That's a lot of trouble and expense to go to for an attack that didn't try to force money out of the victims or make a vocal public point, as most attacks by hacktivists or criminals would have.

The sophistication of the network, command mechanism, encryption, self-destruct and self-concealment showed far more work than could be justified by a DDOS attack.

"DDOS can be done with software from your local cyber criminal," said Dmitri Alperovitch, vice president of threat research for McAfee Labs, in a telephone interview with IDG News. "The level of effort that went into this one far exceeds any DDoS botnets until now."

McAfee's conclusion was that the attack wasn't actually an attack. It was a probe to see how fast the South Korean government and military, backed by the U.S. military, could respond, stop the DDOS, decrypt and reverse-engineer the malware and track the attack back to its source.

Since no irreversible harm was done, even an investigation that showed the DDOS came straight from the personal laptop of the most recent generation of Fearless Leader wouldn't justify a response from the U.S. and South Korea that was "kinetic" (.mil-speak for "things that explode and kill people").

So even if the attack was a glorious failure, the risk of serious retaliation was small.

Not failing immediately, on the other hand, would give North Korea a very good sense of how well South Korea would respond to an attack on more important targets (its phone and radio networks, for example). And that would give the North Koreans a much better idea of how effective a cyberattack would be if it were launched in conjunction with an attack IRL, according to the report.

Photo Credit: Jo Yong-Hak/Reuters
