Page 2 of 3   <       >

South Korea Bombarded With More Web Attacks

Experts, however, cautioned against implicating North Korea too soon.

"In the dozens of instances that I worked over the past decade, I cannot recall a single instance in which someone intending to attack came from the source it appeared to have come from," said Dale W. Meyerrose, former chief information officer for the Office of the Director of National Intelligence. "Most attackers in cyberspace try to mask who they really are."

Officials declined to confirm the agencies affected, but according to security researchers and a Korean-language computer security Web site, the White House site was among at least 35 hit. White House spokesman Nick Shapiro said yesterday that denial-of-service attacks on federal networks are a daily occurrence and that the site was "stable" and available to the general public, "although visitors from regions in Asia may have been affected."

Over the weekend, tens of thousands of computers around the globe were infected with rogue software -- a bug called MyDoom -- that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on the condition of anonymity because they are helping with the investigation.

The Department of Homeland Security's U.S. Computer Emergency Response Team received the first reports of the attacks on July 4 and assessed the threat through the weekend, said Philip Reitinger, deputy undersecretary of the department's National Protection and Programs Directorate. "We talked to our partners, analyzed the scope and nature of attack, developed a series of recommended actions," and provided the analysis and recommendations to other agencies, contractors and private-sector firms that might be affected, he said.

By Tuesday evening, officials said, all federal sites were up and running.

The DHS shared copies of the computer bug with private-sector partners that could help analyze it and devise mitigation measures, security consultants said.

"DHS helped improve the efficiency of the response," said Amit Yoran, chief executive of NetWitness, a Herndon security firm.

Tamping down the attacks, however, took several days because the technology that would be most effective at scouring the Web traffic for the code was not widely deployed by Internet providers and telecommunications companies, said Peder Jungck, founder and chief technology officer of Cloudshield, a California cybersecurity firm.

"They had to go searching, needle-in-a-haystack style, to track all the specific computer locations" that were flooding Web sites with requests, "and then creating big lists of what machines to block," he said.

Several security consultants said it was too early to say exactly how many computers may have been taken over to help perpetrate the attack. Jose Nazario, security research manager of Arbor Networks, estimated the number to be in the "low tens of thousands," although other experts have put the total at closer to 60,000.

At least one expert described the software as "amateurish" and full of programming errors.

<       2        >

© 2009 The Washington Post Company