Wednesday, July 8, 2009

North Korean Agency Suspected in Cyberattack

War Memorial of Korea - Honor Guard Ceremony a...Image by US Army Korea - IMCOM via Flickr
TOKYO, July 8 -- South Korea's intelligence agency suspects that North Korea may have been behind an Internet attack that on Tuesday and Wednesday targeted government web sites in South Korea and the United States, lawmakers in Seoul told news agencies
Twenty-six Web sites in the two countries, including the office of South Korea's president and the defense ministry, were targeted, the South Korean National Intelligence Service said in a statement. In the United States, the attack targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers.
"The attacks appear to have been elaborately prepared and executed at the level of a group or a state," the agency said.
Eleven web sites in the United States had problems similar to those that occurred in South Korea, the Korean Information Security Agency said.
Some members of the intelligence committee in the National Assembly were told by intelligence officials that North Korea or its sympathizers were prime suspects in the attacks, according to Yonhap, the South Korean news agency, which cited unnamed legislators.
The attacks were described as "distributed denial of service," an operation that hacks into personal computers and commands them to overwhelm certain web sites with a blizzard of data.
About 12,000 PCs in South Korea and 8,000 outside the country were commandeered in the attack, according to the intelligence service.
South Korea is one of the world most wired countries, with broadband access in more than 90 percent of homes and Internet data-transfer speeds that are much faster than in most of the United States.
Earlier this year a number of South Korean news organization reported that North Korea was running a cyber-warfare unit that targets military computer networks in South Korea and the United States.
In the United States, the White House Web site was among those affected, according to Yonhap. But a White House official said Tuesday that "denial of service" attacks on federal government Web sites are a regular occurrence and that there have not been any disruptions on White House Web sites recently. U.S. government officials declined last light to confirm the agencies affected by the attack.
The attacks involved thousands of computers around the globe infected with rogue software that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on condition of anonymity because they are helping with the investigation.
Department of Homeland Security spokeswoman Amy Kudwa said that the agency was aware of ongoing attacks and that the government's Computer Emergency Response Team had issued guidance to public and private sector Web sites to stem the attacks.
"We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," Kudwa said. The attacks did not penetrate the targeted Web sites and the attackers did not steal any data.
Before reports emerged of North Korea's alleged involvement, a U.S. official familiar with the attacks who spoke on condition of anonymity said that not knowing who's behind the assault is "problematic" from the standpoint of preventing future attacks. But from the point of view of response, he said, the government and private sector Internet service providers were able to "keep this down to a dull roar."
He said that the attacks were major in the sense that they were widespread and well-coordinated, and that though the FTC Web site was down most of the day Tuesday, "the reality is that most of the Web sites have been up most of the time so the countermeasures have been pretty effective."
In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, the New York Stock Exchange and The Washington Post.
In South Korea, no classified information was compromised during the attacks in the past two days, the intelligence agency said, adding that it was cooperating with officials in the United States to track the source of the problem.
The agency said it would present an analysis of the attacks to parliament on Thursday.
Besides government offices and agencies, the attacks also targeted two large South Korean banks, a newspaper and the country's largest Internet portal. Most sites had returned to normal by Wednesday afternoon.
In South Korea, targeted government sites included the foreign ministry, the ruling party, parliament and the U.S.-South Korean military command.
North Korea, in recent months, has provoked its neighbors by launching a long-range missile, detonated its second nuclear device and repeatedly threatening war. On the Fourth of July, it launched seven missiles into the Sea of the Japan.

Source : WP

Reblog this post [with Zemanta]

0 comments:

Post a Comment