Cyber Attacks More Serious Than Originally Thought

Cyber attack targets include White House and the Pentagon
Thursday, 9 July 2009SHARE PRINTEMAILTEXT SIZE NORMALLARGEEXTRA LARGE
A powerful internet attack that overwhelmed computers at US and South Korean government agencies for days was even broader than initially realised: targets included the White House, the Pentagon and the New York Stock Exchange and other official websites in the most widespread cyber offensive of recent years.

Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post newspaper, according to an early analysis of the malicious software used in the attacks.

The cyber assault on the White House site had "absolutely no effect on the White House's day-to-day operations," said spokesman Nick Shapiro.

Preventative measures kept the WhiteHouse.gov site "stable and available to the general public," Shapiro said, but internet visitors from Asia may have experienced problems.

South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces, but many experts in cyber warfare said it was simply too early to know where the offensive originated.

South Korea's National Intelligence Service, its principal spy agency, told South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathisers in the South were behind the attacks, according to an aide to one of the lawmakers briefed on the information.

The aide spoke on condition of anonymity, citing the sensitivity of the information. The intelligence service said it could not immediately confirm the report, but it said it was cooperating with American authorities.

The attacks will be difficult to trace, said Professor Peter Sommer, an expert on cyberterrorism at the London School of Economics. "Even if you are right about the fact of being attacked, initial diagnoses are often wrong," he said Wednesday.

Many of the US government targets appeared to have blunted the sustained computer assaults successfully. Others, such as the US Treasury Department, were knocked offline at times.

Two government officials acknowledged that Treasury's site was brought down, and said the agency had been working with its internet service provider to resolve the problem. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

As of last night, Shapiro said, "all federal websites were back up and running." Shapiro said that the Department of Homeland Security "is aware of the DDOS attacks on federal and private sector public-facing websites."

Ed Donovan, a spokesman for the US Secret Service, said that the cyber attacks slowed down access to the agency's website, which operates on the same computer server as Treasury's site.

Secret Service's site remained in operation despite the crippling effects of the cyber offensive, Donovan said.

"Our site was never knocked down, but it was slowed down at points," Donovan said. He added that Secret Service's "operational side" was not affected.

The Associated Press obtained the target list from security experts analysing the attacks. It was not immediately clear who might have been responsible or what their motives were.

The cyber attack did not appear, at least at the outset, to target internal or classified files or systems, but instead aimed at agencies' public websites, creating a nuisance both for officials and the web consumers who use them.

The attacks appeared remarkably successful in limiting public access to victim websites, but internal email systems are typically unaffected in such attacks.

Ben Rushlo, director of internet technologies at Keynote Systems, said problems with the Transportation Department site began on Saturday and continued until Monday, while the Federal Trade Commission site was down Sunday and Monday.

Keynote Systems is a mobile and website monitoring company based in San Mateo, California. The company publishes data detailing outages on websites, including 40 government sites it watches.

According to Rushlo, the Transportation website was "100 per cent down" for two days, so that no internet users could get through to it.

The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday internet users still were unable to get to the site 70 per cent of the time.

Dale Meyerrose, former chief information officer for the US intelligence community, said at least one of the federal agency websites became saturated with as many as a million hits per second per attack - amounting to 4 billion internet hits at once.

He would not identify the agency, but said the website generally is capable of handling a level of about 25,000 users at one time.

Meyerrose, who is now vice president at Harris, said federal officials are divided on the whether a botnet was involved, but said the characteristics of the attack suggest the involvement of between 30,000 to 60,000 computers that participated in the assault.

While he said officials were investigating the incident, it appeared one attack occurred on July 4 that some agencies were able to contain, and then a second round came on July 7.

Meyerrose said that since the attackers would have used surrogate computers, it is still too early to tell where it originated.

James Lewis, a senior fellow at the Centre for Strategic and International Studies, says the fact that both the White House and defence Department were attacked but did not go down points to the need for coordinated government network defences.

"It says that they were ready and the other guys weren't ready," he said. "We are disorganised. In the event of an attack some places aren't going to be able to defend themselves."

Attacks on federal computer networks are common, ranging from nuisance hacking to more serious assaults, sometimes blamed on China. US security officials also worry about cyber attacks from al-Qaeda or other groups.

Web sites of major South Korean government agencies, including the presidential Blue House and the defence Ministry, and some banking sites were paralysed Tuesday.

An initial investigation found that many personal computers were infected with a virus ordering them to visit major official websites in South Korea and the US at the same time, Korea Information Security Agency official Shin Hwa-su said.