N. Korea is suspect in computer attacks
Incident shows U. S. is vulnerable
WASHINGTON — U. S. authorities Wednesday eyed North Korea as the origin of the widespread cyber attack that overwhelmed government Web sites in the United States and South Korea, although they warned that it would be difficult to definitively identify the attackers quickly.
The powerful attack that targeted dozens of government and private Web sites underscored how unevenly prepared the U. S. government is to block such multi-pronged assaults.
While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the Independence Day holiday weekend, other sites such as the Pentagon and the White House were able to fend off the attack with little disruption.
The North Korea link, described by three officials, connected the U. S. attacks to another wave of cyber assaults that hit government agencies Tuesday in South Korea. The officials said that while Internet addresses have been traced to North Korea, that does not mean the attack involved the Pyongyang government.
South Korea intelligence officials have identified North Korea as a suspect in the attacks and said that the sophistication of the assault suggested it was carried out at a higher level than individual hackers.
U. S. officials would not go that far and declined to discuss publicly who was behind the attack or how it was done.
Meanwhile, a South Korean computer security company said another wave of cyber attacks was expected there today against seven Web sites, including a government security agency, Kookmin Bank and the Chosun Ilbo newspaper.
In an Associated Press interview, Philip Reitinger, deputy undersecretary at the Homeland Security Department, said the far-reaching attacks demonstrate the importance of cyber-security as a critical national security issue.
The fact that a series of computers were used in an attack, Reitinger said, “doesn’t say anything about the ultimate source of the attack.”
Targets of the most widespread cyber offensive in recent years also included the National Security Agency, Homeland Security Department, State Department, Federal Trade Commission, Transportation Department, the Nasdaq stock market and the Washington Post newspaper, according to an early analysis of the software used in the attacks.
The Associated Press obtained the target list from security experts analyzing the attacks.
Other experts in cyber assaults said the incident shined a harsh light on the U. S. government’s efforts to protect all of its agencies against Web-based attacks.
James Lewis, a senior fellow at the Center for Strategic and International Studies, said the fact that both the White House and Defense Department were attacked but didn’t go down while other government sites did points to the need for coordinated government network defenses.
“It says that they were ready and the other guys weren’t ready,” he said. “We are disorganized. In the event of an attack, some places aren’t going to be able to defend themselves.”
The wave of cyber assaults are known as “denial of service” attacks. Such attacks are not uncommon and are caused when Web sites are so deluged with Internet traffic that they are effectively taken off-line. Mounting such an attack can be relatively easy and inexpensive, using widely available hacking programs. They become far more serious if hackers infect and tie thousands of computers together into “botnets.”
Joe Stewart, director of mal-ware research for the counterthreat unit of SecureWorks Inc., said there is no indication yet of a claim of responsibility hidden anywhere in the program behind the attacks. Stewart and other researchers are analyzing the code for clues about the attacker’s identity.
Stewart noted that the attacks on U. S. government sites appeared to expand after the initial assaults over the holiday weekend failed to generate any publicity. He said the “target list” contained in the program’s code had only five U. S. government sites on it on Sunday but was broadened the next day to include nongovernment sites inside the U. S.
The following day, the South Korean Web sites were added.
“It seems to me they thought the first round wasn’t successful . . . They felt they weren’t getting enough attention because nobody was talking about their attacks,” Stewart said.
The cyber assault on the White House site had “absolutely no effect on the White House’s day-to-day operations,” said spokesman Nick Shapiro. He said that preventive measures kept whitehouse.gov stable and available to the general public but that Internet visitors from Asia may have experienced problems.
All federal Web sites were back up and running, Shapiro said. A State Department spokesman said the agency’s site was up but still experiencing problems. A Web site for the U. S. Secret Service had experienced access problems but did not crash, the agency’s spokesman said.
The cyber attack did not appear, at least at the outset, to target internal or classified files or systems, but instead aimed at agencies’ public sites, creating a nuisance both for officials and the Web consumers who use them.
Log into MyBuffalo to post a comment
MyBuffalo is the new social network from Buffalo.com. Your MyBuffalo account lets you comment on and rate stories at buffalonews.com. You can also head over to mybuffalo.com to share your blog posts, stories, photos, and videos with the community. Join now or learn more.
Reader comments