» This Story:Read +| Comments
Page 2 of 3   <       >

South Korea Bombarded With More Web Attacks

Discussion Policy
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.

Experts, however, cautioned against implicating North Korea too soon.

This Story
View All Items in This Story
View Only Top Items in This Story

"In the dozens of instances that I worked over the past decade, I cannot recall a single instance in which someone intending to attack came from the source it appeared to have come from," said Dale W. Meyerrose, former chief information officer for the Office of the Director of National Intelligence. "Most attackers in cyberspace try to mask who they really are."

Officials declined to confirm the agencies affected, but according to security researchers and a Korean-language computer security Web site, the White House site was among at least 35 hit. White House spokesman Nick Shapiro said yesterday that denial-of-service attacks on federal networks are a daily occurrence and that the WhiteHouse.gov site was "stable" and available to the general public, "although visitors from regions in Asia may have been affected."

Over the weekend, tens of thousands of computers around the globe were infected with rogue software -- a bug called MyDoom -- that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on the condition of anonymity because they are helping with the investigation.

The Department of Homeland Security's U.S. Computer Emergency Response Team received the first reports of the attacks on July 4 and assessed the threat through the weekend, said Philip Reitinger, deputy undersecretary of the department's National Protection and Programs Directorate. "We talked to our partners, analyzed the scope and nature of attack, developed a series of recommended actions," and provided the analysis and recommendations to other agencies, contractors and private-sector firms that might be affected, he said.

By Tuesday evening, officials said, all federal sites were up and running.

The DHS shared copies of the computer bug with private-sector partners that could help analyze it and devise mitigation measures, security consultants said.

"DHS helped improve the efficiency of the response," said Amit Yoran, chief executive of NetWitness, a Herndon security firm.

Tamping down the attacks, however, took several days because the technology that would be most effective at scouring the Web traffic for the code was not widely deployed by Internet providers and telecommunications companies, said Peder Jungck, founder and chief technology officer of Cloudshield, a California cybersecurity firm.

"They had to go searching, needle-in-a-haystack style, to track all the specific computer locations" that were flooding Web sites with requests, "and then creating big lists of what machines to block," he said.

Several security consultants said it was too early to say exactly how many computers may have been taken over to help perpetrate the attack. Jose Nazario, security research manager of Arbor Networks, estimated the number to be in the "low tens of thousands," although other experts have put the total at closer to 60,000.

At least one expert described the software as "amateurish" and full of programming errors.

<       2        >

» This Story:Read +| Comments

More in Technology

Brian Krebs

Security Fix

Brian Krebs on how to protect yourself from the latest online security threats.

Cecilia Kang

Post Tech Blog

The Post's Cecilia Kang on the FCC, net neutrality and more tech policy.

Rob Pegoraro

Faster Forward

Tech columnist Rob Pegoraro blogs about gadgets, software, tech glitches and more.

© 2009 The Washington Post Company