Cyberattacks stall Web sites across U.S., South Korea

7/9/2009
FROM THE BLADE'S NEWS SERVICES

WASHINGTON - A wave of cyberattacks aimed at 27 American and South Korean government agencies and commercial Web sites temporarily jammed more than a third of them over the past five days, and several sites remained stalled or extremely slow yesterday.

Officials and computer experts in the United States said the attacks were unsophisticated and relatively small-scale.

The attacks' origin has not been determined.

Experts said 50,000 to 65,000 computers had been commandeered by hackers and ordered to flood specific Web sites with access requests, causing them to slow or stall.

Targets of the most widespread cyberoffensive of recent years included the White House, the Pentagon, National Security Agency, Homeland Security Department, and State Department, the New York Stock Exchange, the Nasdaq stock market, and The Washington Post, according to an early analysis of the malicious software used in the attacks.

The cyberassault on the White House site had "absolutely no effect on the White House's day-to-day operations," spokesman Nick Shapiro said.

Preventative measures kept whitehouse.gov "stable and available to the general public," he said.

Many of the U.S. government targets appear to have successfully blunted the sustained computer assaults.

But others, such as the Treasury Department, were knocked offline at times.

The cyberattack did not appear to target internal or classified files or systems, but instead aimed at agencies' public sites, creating a nuisance for officials and Web consumers.

Researchers who are following the attacks said they began Saturday and focused on the U.S. government Web sites but later expanded to include commercial sites in the United States and then to commercial and government sites in South Korea.

In South Korea, at least 11 major sites have slowed or crashed since Tuesday, including those of the presidential Blue House, the Defense Ministry, and the National Assembly, according to the government's Korea Information Security Agency. Some of the South Korean sites regained service yesterday, but others remained unstable or inaccessible.

"This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level," the South Korean spy agency said.

The spy agency said the attacks appeared to have been carried out by a hostile group or government, and the news agency Yonhap reported that the agency had implicated North Korea or pro-North Korean groups.

South Korea's opposition Democratic Party accused the spy agency of spreading rumors to whip up support for an anti-terrorism bill that would give it more power.

U.S. authorities eyed North Korea as the origin of the attack, but warned that the complexities of the Internet make it difficult to identify the attackers quickly.

The officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved the Pyongyang government.

The officials spoke on condition of anonymity.

South Korean intelligence officials have identified North Korea as a suspect in those attacks and said the sophistication of the assault suggested it was carried out at a higher level than just rogue or individual hackers.

U.S. officials publicly declined to discuss who may have instigated the intrusion or how it was done.

Although most of the North Korean military's hardware is decrepit, the South Korean authorities have expressed concern over possible cyberattacks from the North.

In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.

U.S. computer security researchers who have examined the attacking software and watched network traffic played down both the sophistication and extent of the attacks.

"I would call this a garden-variety attack," said Jose Nazario, manager of security research at Arbor Networks, a network security firm based in Chelmsford, Mass. He said that the attackers were generating about 23 megabits of data a second, not enough to cause major disruptions of the Internet at most of the sites that are being attacked.

"The code is really pretty elementary in many respects," he said. "I'm doubting that the author is a computer science graduate student."