By Brian Krebs and Ellen Nakashima
Washington Post Staff Writers
Wednesday, July 8, 2009
A widespread and coordinated cyberattack during the past few days has targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers.
The attack involved thousands of computers around the globe infected with rogue software that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on the condition of anonymity because they are helping with the investigation.
Amy Kudwa, a spokeswoman for the Department of Homeland Security, said that the agency was aware of ongoing attacks and that the government's Computer Emergency Response Team had issued guidance to public and private sector Web sites to stem the attacks.
"We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," Kudwa said.
The attack did not penetrate the targeted Web sites, and the attackers did not steal any data. The attack was reported last night by the Associated Press.
"It certainly seems to be a well-organized attack," said a government official familiar with the attack who spoke on the condition of anonymity. "There are a lot of computers involved. What we don't know is who is orchestrating it."
The official said that not knowing who's behind the assault is "problematic" from the standpoint of preventing future attacks. But from the point of view of response, he said, the government and private sector Internet service providers were able to "keep this down to a dull roar."
He said that the attacks were major in the sense that they were widespread and well-coordinated, and that though the FTC Web site was down most of the day Tuesday, "the reality is that most of the Web sites have been up most of the time so the countermeasures have been pretty effective."
Government officials declined last night to confirm the agencies affected by the attack. A White House official said that denial of service attacks on federal government Web sites are a regular occurrence and that there have not been any disruptions on White House Web sites recently.
A total of 26 Web sites were targeted, according to the researchers. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, the New York Stock Exchange and The Washington Post. Representatives from washingtonpost.com could not be reached for comment.
Another security researcher familiar with the attack said there appear to be at least 60,000 infected computers besieging the targeted Web sites. The researcher said a large percentage of those compromised systems were located in South Korea.
Joe Stewart, director of malware research at Atlanta-based SecureWorks, said he examined the attack software and found that it contained few clues about its origins, although a line of text buried within the malware carried the cryptic message "get/china/dns." He said the attack is hitting various sites in the U.S. and South Korea simultaneously.