July 8 (Bloomberg) -- Web sites of the U.S. departments of State, Treasury and Transportation were attacked by unidentified hackers during the July 4 holiday weekend and in some cases the attacks were continuing today, officials said.

In addition, NYSE Euronext, the world’s largest owner of stock exchanges, said it was notified by authorities that it had been the target of a cyber attack aimed at slowing or shutting down its Web site.

The Department of Homeland Security is aware of the attacks and its Computer Emergency Readiness Team, or CERT, has advised government agencies and private companies on “steps to take to mitigate against such attacks,” Amy Kudwa, a spokeswoman for the department, said in an e-mail today.

The attacks are known as distributed denial of service, a common practice by hackers who commandeer remote computers to flood targeted Web sites with a large volume of data that renders the sites inaccessible to other users. Kudwa said she didn’t have information on reports by Seoul-based Yonhap News that North Korea may have orchestrated the effort.

The attack on the State Department’s state.gov site started July 5, department spokesman Ian Kelly said at the daily briefing with reporters today. “It’s still ongoing, but I’m told it’s much reduced right now.” He said he hadn’t noticed “any real difficulties” in accessing the site.

Kelly declined to speculate on who was responsible for the attacks. “We’re investigating, but we can’t confirm the source of attacks yet,” he said.

‘Particularly Aggressive’

Although attacks that lead to service denials are common, the assault on government and private networks this week “was particularly aggressive,” Representative Jim Langevin, a Rhode Island Democrat and a member of the House Intelligence Committee, said in a phone interview.

Unlike past instances, government agencies and private companies are working “very well together and are getting better at identifying and improving our ability to respond,” Langevin said. Eventually, with better coordination, such attacks can be prevented, he said.

Based on briefings he has received from U.S. officials, Langevin said it was premature to say the attacks came from any one country. The National Security Agency is working to identify the perpetrators and “I’m very confident we will have a very good sense of where it originated and who’s responsible,” Langevin said.

Daily Attacks

“We see attacks on federal networks every single day,” said Nick Shapiro, a White House spokesman. Preventive measures have minimized impact and the assault “had absolutely no effect on the White House’s day-to-day operations,” he said.

The Washington Post reported today that its site had been targeted. A Treasury Department aide who spoke on condition of anonymity said the agency’s Web sites were operational after an attack during the July 4 holiday weekend.

None of NYSE Euronext’s trading systems or market data were at risk because they operate over private networks, NYSE Euronext said in an e-mailed statement.

The attempted breach was meant to overwhelm NYSE Euronext’s Internet servers with requests for data, said Ray Pellecchia, a spokesman for the New York-based company. The design of the Web site meant NYSE Euronext experienced no problems with its nyse.com Web site or other services provided to issuers and traders through the Internet.

‘Minimal’ Incidents

Department of Transportation spokeswoman Sasha Johnson said in an e-mail that the agency has been “experiencing minimal network incidents this past weekend. We are working with the U.S. Computer Emergency Readiness Team at this time.”

Meanwhile, the Federal Trade Commission wouldn’t say whether an outside attack was responsible for an outage on its Web site.

“Our Web site was down a couple of days ago due to technical problems and our people even as of yesterday were working on problems,” Peter Kaplan, an FTC spokesman, said in a phone interview. “We aren’t commenting on the details and we haven’t said it’s due to outside attacks.”

Security breaches on U.S. and private networks reported to the Department of Homeland Security almost doubled to 72,000 for the year ending Sept. 30, 2008, from 37,000 the previous year.

President Barack Obama said in May he will appoint a White House adviser to oversee the security of all government and business computer networks in response to widespread breaches and theft of information.

Direct Access

Appointing a national coordinator for cyber security efforts with direct access to the president is a must, Representative Dutch Ruppersberger, a Maryland Democrat and a member of the House intelligence committee, said in a phone interview. The president must educate Americans about threats, he said.

Several sites in South Korea were targeted and the country’s National Intelligence Service in a statement attributed the attacks to a group or a state, according to Yonhap News, a South Korean news agency.

“If Pyongyang were behind the recent cyber attacks, it would mark another escalation in North Korean provocations against Washington and Seoul,” Bruce Klingner, a Northeast Asia analyst at the Washington-based Heritage Foundation, said in a statement.

“Despite North Korea’s low levels of computer technology and Internet connectivity, Pyongyang has an extensive and capable cyber terrorism effort to provide asymmetric attack capabilities,” Klingner said.

He said there was no “hard evidence” linking North Korea to the attacks.

‘Not Very Different’

The weekend’s security intrusion “is not very different from the daily attacks” on U.S. computer networks, Marcus Sachs, Washington-based director of the SANS Internet Storm Center, said in an interview. The all-volunteer group of computer experts acts as a watchdog monitoring Internet attacks worldwide.

Unlike hackers who direct attacks at specific Web sites from remote unidentified computers, the weekend security breach appeared to be a “reprogrammed old worm allowed to spread on autopilot,” or malicious software code that seeks a target list of sites on its own, Sachs said. The inclusion of targets like the White House on the list doesn’t mean the sites were attacked, Sachs said.

Sites on List

Sachs said the list of U.S. sites targeted by hackers includes the U.S. Postal Service, the departments of Defense, State, Homeland Security and Transportation, the Federal Trade Commission, the National Security Agency, the Federal Aviation Administration and Voice of America.

Among private companies, those targeted include Nasdaq, the New York Stock Exchange, U.S. Bancorp, Yahoo.com, Amazon.com, the Wall Street Journal’s Market Watch, and the U.S. Auctions Live site, Sachs said. He said he compiled the list from the malicious code obtained from an infected computer by anti-virus specialists.

As with most computer attacks, proving the hackers’ origins or nationality is difficult, Sachs said. “If South Korea says this is coming from North Korea, I say prove it. Drawing conclusions is truly a fantasy at this moment.”

To contact the reporters on this story: Gopal Ratnam in Washington at gratnam1@bloomberg.net; Juliann Neher in Washington at jneher@bloomberg.net.

Last Updated: July 8, 2009 18:16 EDT