U.S., South Korea Targeted in Swarm of Internet Attacks
Thursday, July 9, 2009
U.S. and South Korean authorities yesterday were investigating the source of attacks on at least 35 government and commercial Web sites in the two countries, officials said.
In the United States, the attacks primarily targeted Internet sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers. But The Washington Post's site was also affected.
South Korea's main spy agency, the National Intelligence Service, said in a statement that it thought the attacks were carried out "at the level of a certain organization or state" but did not elaborate. The South Korean news agency Yonhap and the JoongAng Daily, a major newspaper in Seoul, reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects. A spokesman for the intelligence service said that it could not confirm the report.
The attacks were described as a "distributed denial of service," a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they noted that it was widespread, resilient and aimed at government sites.
Earlier this year, a number of South Korean news organizations reported that North Korea was running a cyberwarfare unit targeting military networks in South Korea and the United States. And North Korea, along with other countries, is known to be looking into U.S. cybersecurity capabilities and vulnerabilities, said Daniel T. Kuehl, an expert on information warfare at National Defense University.
The specter of cyberwarfare has led the Pentagon to develop a new cybersecurity command and raised questions about the government's ability to defend against attacks that could undermine national and financial security.
Experts, however, cautioned against implicating North Korea too soon.
"In the dozens of instances that I worked over the past decade, I cannot recall a single instance in which someone intending to attack came from the source it appeared to have come from," said Dale W. Meyerrose, former chief information officer for the Office of the Director of National Intelligence. "Most attackers in cyberspace try to mask who they really are."
Officials declined to confirm the agencies affected, but according to security researchers and a Korean-language computer security Web site, the White House site was among at least 35 hit. White House spokesman Nick Shapiro said Wednesday that denial-of-service attacks on federal networks are a daily occurrence and that the WhiteHouse.gov site was "stable" and available to the general public, "although visitors from regions in Asia may have been affected."
Over the weekend, tens of thousands of computers around the globe were infected with rogue software -- a bug called MyDoom -- that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on the condition of anonymity because they are helping with the investigation.
The Department of Homeland Security's U.S. Computer Emergency Response Team received the first reports of the attacks on July 4 and assessed the threat through the weekend, said Philip Reitinger, deputy undersecretary of the department's National Protection and Programs Directorate. "We talked to our partners, analyzed the scope and nature of attack, developed a series of recommended actions," and provided the analysis and recommendations to other agencies, contractors and private-sector firms that might be affected, he said.
By Tuesday evening, officials said, all federal sites were up and running.