The White House, State Department and Pentagon websites were among those targeted in a coordinated cyberattack that also crippled sites in South Korea, computer security experts said Wednesday.
The Department of Homeland Security confirmed that US government and private sector websites had come under so-called "distributed denial of service" (DDoS) attack but declined to identify any of the targeted sites.
A denial of service attack attempts to paralyze a website by overwhelming it with traffic from an army of malware-infected computers known as a "botnet." It does not involve any theft of data.
"It was a pretty massive attack," Johannes Ullrich, chief technology officer for the private SANS Internet Storm Center, said of the Internet assault which began over the weekend.
"Nothing really terribly sophisticated. It just floods the websites," he told AFP. "It prevents the websites from responding. They're just overloaded with traffic."
"The only site that was hit pretty bad was the Federal Trade Commission, ftc.gov," he said.
Ullrich said US government sites which came under attack included the White House, Department of Homeland Security, Department of Transportation, Federal Aviation Administration, National Security Agency, State Department, US Postal Service, US Treasury Department and Voice of America.
A Pentagon site, defenselink.mil, was also targeted, he said, as was a site for US forces in South Korea.
Commander Jeffrey Gordon, a Department of Defense (DoD) spokesman, declined to discuss "specific operations" but said "we continue to protect networks and remain vigilant."
"There are millions of scans (not intrusion attempts, just scans) of the DoD Global Information Grid per day and we defend in depth every day," Gordon said. "There has been no impact on Defense Department operations."
South Korean lawmakers were quoted as saying that South Korea's intelligence service believes North Korea or its sympathizers may have staged the attack.
"This is not a simple attack by individuals. The attack appeared to have been elaborately prepared and staged by a certain organization or state," Seoul's National Intelligence Service (NIS) said in a statement.
The NIS said US authorities were cooperating to track down those responsible for hijacking 12,000 personal computers in South Korea and 8,000 abroad which were exploited as vehicles for the attacks.
Dean Turner, Global Intelligence Network director at security firm Symantec, said a "little over 50,000 machines" may have made up the botnet and the number of US and South Korean websites targeted was "greater than 20."
State Department spokesman Ian Kelly said an investigation was underway but "we can't confirm the source of attacks yet."
Symantec's Turner cautioned against assigning blame. "We don't know who is behind this, and we don't necessarily know what the purpose is either.
"We can say where the attacks are coming from, where those machines are located but that doesn't give us any visibility into the 'who.' The person or persons responsible could be located on the moon."
As to their effectiveness, Turner said "if the attackers' goal was to make these sites unavailable for anybody for an extended period of time, or just take them off the Internet, then I wouldn't say it was terribly successful.
"Some sites were very quick to recover," he said. "Some sites are still having some difficulties."
Homeland Security stressed that attacks on US government websites were a daily occurrence.
"We see attacks on federal networks every single day, and measures in place have minimized the impact to federal websites," spokeswoman Amy Kudwa said.
"As of last night, all federal websites were back up and running," she said.
Ullrich said private sector sites which came under attack included the New York Stock Exchange (NYSE), the Nasdaq electronic exchange, Web portal Yahoo!, online retail giant Amazon and The Washington Post.
The NYSE confirmed that nyse.com had come under attack but said it "has not experienced any impact."
US President Barack Obama has made cyber security a top priority and announced in May that he would name a "cyber czar" to defend against criminal, espionage and hacker attacks on US government and private computer networks.
related report
US State Department still under cyberattack
The US State Department said Wednesday it is probing the origin of a cyberattack against its website, which has been affected for three days running.
"What I can tell you is the attack against our state.gov website started on July 5," State Department spokesman Ian Kelly told reporters. "It's still ongoing, but I'm told that it's much reduced right now."
According to computer security experts, a dozen US government websites, including those of the White House, Pentagon and State Department, were targeted in a coordinated cyberattack which also struck sites in South Korea.
South Korean lawmakers were quoted as saying Wednesday that South Korea's intelligence service believes North Korea or its sympathizers may have staged the attack.
Kelly said the US computer emergency readiness team is working with State Department experts, the Department of Homeland Security (DHS) and other government agencies to try to resolve the problem.
DHS is leading the probe, he said.
The attack did not appear to cause major problems.
"I use the state.gov web site several times a day and I have not noticed any .. real difficulties in accessing it. That's just a personal finding," Kelly said.
"We're investigating, but we can't … confirm the source of attacks yet," the spokesman added.
The Department of Homeland Security confirmed earlier that US government and private sector websites had come under so-called "distributed denial of service" attack but declined to identify any of the targeted sites.
A denial of service attack attempts to paralyze a website by flooding it with traffic from an army of malware-infected computers known as a "botnet."
Share This Article With Planet Earth
