David Baxter PhD
Late Founder
Cyberattacks Hit U.S. and South Korean Web Sites
By CHOE SANG-HUN, New York Times
July 8, 2009
SEOUL, South Korea ? Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea?s main government spy agency said on Wednesday.
Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.
A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.
Access to at least 11 major Web sites in South Korea ? including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation daily newspaper Chosun Ilbo and the top Internet portal Naver.com ? have crashed or slowed down to a crawl since Tuesday evening, according to the government?s Korea Information Security Agency.
On Wednesday, some of the sites regained service, but others remained unstable or inaccessible.
In an attack linked with the one in South Korea, 14 major Web sites in the United States ? including those of the White House, the State Department and the New York Stock Exchange ? came under similar attacks, according to anti-cyberterrorism police officers in Seoul.
?This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,? the National Intelligence Service said in a statement, adding that it is cooperating with the American investigative authorities to investigate the attacks.
The Associated Press reported Tuesday night that a widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several American government agencies, including some that are responsible for fighting cybercrime.
The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government. The fact that the government Web sites were still being affected after three days signaled an unusually lengthy and sophisticated attack, the news agency reported, citing anonymous American officials.
The Washington Post, which also came under attack, reported on its Web site Wednesday that a total of 26 Web sites were targeted. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, it reported, citing researchers involved in the investigation.
Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks on ?federal and private sector public-facing Web sites.? The department, she said, has issued a notice to federal departments and agencies, as well as other partner organizations, on the activity and advised them of steps to take to help mitigate against such attacks.
?We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites,? she said.
In the attack, an army of thousands of ?zombie computers? infected by the hackers? program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites? servers to crash, South Korean officials said.
Although most of the North Korean military?s hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.
In South Korea, the Blue House reported no data loss or other damage except disrupted access. The Defense Ministry and banks attacked also reported no immediate loss of security data or financial damage.
?The traffic to our site surged nine times of the normal level,? the Blue House said in a statement. ?Computer users in some regions still suffer slow or no access at all to our site.?
Hwang Cheol-jeung, a senior official at the government?s Korea Communications Commission, said the attacks were launched by computers infected by a well-known ?distributed denial of service,? or DDoS, hackers? program.
The spy agency said 12,000 computers in South Korea and 8,000 overseas appeared to have been mobilized in the attacks. The Korea Communications Commission reported 22,000 infected computers.
?The infected computers are still attacking, and their number is not decreasing,? Mr. Hwang told reporters in a briefing. The government was urging users to upgrade their computers? antivirus software.
Denial of service attacks against Web sites are not uncommon, but they can be made far more serious if hackers infect and use thousands of computers. Hackers frequently take aim at the American government: According to the Homeland Security Department, there were 5,499 known breaches of American government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006, The A.P. said.
The South Korean news agency Yonhap said the police have traced a possible starting point for the attack back to members of a small cable TV Web site in Seoul. But officials said that does not mean it originated there.
Mr. Hwang said South Korean authorities suspected that the hackers used a new variant of the denial of service program to attack the Web sites.
By CHOE SANG-HUN, New York Times
July 8, 2009
SEOUL, South Korea ? Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, South Korea?s main government spy agency said on Wednesday.
Although the National Intelligence Service did not identify whom they believed responsible, the South Korean news agency Yonhap reported that the spy agency had implicated North Korea or pro-North Korea groups.
A spokesman at the intelligence agency said it could not confirm the Yonhap report, which said that the spy agency briefed lawmakers about their suspicions on Wednesday. The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.
Access to at least 11 major Web sites in South Korea ? including those of the presidential Blue House, the Defense Ministry, the National Assembly, Shinhan Bank, the mass-circulation daily newspaper Chosun Ilbo and the top Internet portal Naver.com ? have crashed or slowed down to a crawl since Tuesday evening, according to the government?s Korea Information Security Agency.
On Wednesday, some of the sites regained service, but others remained unstable or inaccessible.
In an attack linked with the one in South Korea, 14 major Web sites in the United States ? including those of the White House, the State Department and the New York Stock Exchange ? came under similar attacks, according to anti-cyberterrorism police officers in Seoul.
?This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,? the National Intelligence Service said in a statement, adding that it is cooperating with the American investigative authorities to investigate the attacks.
The Associated Press reported Tuesday night that a widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several American government agencies, including some that are responsible for fighting cybercrime.
The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, The A.P. reported, citing officials inside and outside the American government. The fact that the government Web sites were still being affected after three days signaled an unusually lengthy and sophisticated attack, the news agency reported, citing anonymous American officials.
The Washington Post, which also came under attack, reported on its Web site Wednesday that a total of 26 Web sites were targeted. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, it reported, citing researchers involved in the investigation.
Amy Kudwa, a Department of Homeland Security spokeswoman, said that the agency was aware of the attacks on ?federal and private sector public-facing Web sites.? The department, she said, has issued a notice to federal departments and agencies, as well as other partner organizations, on the activity and advised them of steps to take to help mitigate against such attacks.
?We see attacks on federal networks every day, and measures in place have minimized the impact to federal websites,? she said.
In the attack, an army of thousands of ?zombie computers? infected by the hackers? program were ordered to request access to these Web sites simultaneously, causing an overload that caused the sites? servers to crash, South Korean officials said.
Although most of the North Korean military?s hardware is decrepit, the South Korean authorities have recently voiced their concern over possible cyberattacks from the North. In May, South Korean media reported that North Korea was running a cyberwarfare unit that operates through the Chinese Internet network and tries to hack into American and South Korean military networks.
In South Korea, the Blue House reported no data loss or other damage except disrupted access. The Defense Ministry and banks attacked also reported no immediate loss of security data or financial damage.
?The traffic to our site surged nine times of the normal level,? the Blue House said in a statement. ?Computer users in some regions still suffer slow or no access at all to our site.?
Hwang Cheol-jeung, a senior official at the government?s Korea Communications Commission, said the attacks were launched by computers infected by a well-known ?distributed denial of service,? or DDoS, hackers? program.
The spy agency said 12,000 computers in South Korea and 8,000 overseas appeared to have been mobilized in the attacks. The Korea Communications Commission reported 22,000 infected computers.
?The infected computers are still attacking, and their number is not decreasing,? Mr. Hwang told reporters in a briefing. The government was urging users to upgrade their computers? antivirus software.
Denial of service attacks against Web sites are not uncommon, but they can be made far more serious if hackers infect and use thousands of computers. Hackers frequently take aim at the American government: According to the Homeland Security Department, there were 5,499 known breaches of American government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006, The A.P. said.
The South Korean news agency Yonhap said the police have traced a possible starting point for the attack back to members of a small cable TV Web site in Seoul. But officials said that does not mean it originated there.
Mr. Hwang said South Korean authorities suspected that the hackers used a new variant of the denial of service program to attack the Web sites.