South Korean officials, who were also hit by the Web access-denial attacks, believe the malicious software came from North Korea
By the Associated Press
WASHINGTON—The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days, starting with the July 4 holiday, was even broader than initially realized, also targeting the White House, the Pentagon, and the New York Stock Exchange.
Other targets of the attack included the National Security Agency, Homeland Security Dept., State Dept., the Nasdaq stock market, and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to blunt the sustained computer assaults successfully.
The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces.
The attack was remarkably successful in limiting public access to victim Web sites, but internal e-mail systems are typically unaffected in such attacks. Some government Web sitess—such as the Treasury Dept., Federal Trade Commission, and Secret Service—were still reporting problems days after the attacks started. South Korean Internet sites began experiencing problems on Tuesday.
North Korea's Role
South Korea's National Intelligence Service, the nation's principal spy agency, told a group of South Korean lawmakers on Wednesday it believes that North Korea or North Korean sympathizers in the South were behind the attacks, according to an aide to one of the lawmakers briefed on the information.
The aide spoke on condition of anonymity, citing the sensitivity of the information. The National Intelligence Service—South Korea's main spy agency—said it couldn't immediately confirm the report, but it said it was cooperating with American authorities.
The attacks will be difficult to trace, said Professor Peter Sommer, an expert on cyberterrorism at the London School of Economics. "Even if you are right about the fact of being attacked, initial diagnoses are often wrong," he said on Wednesday.
Amy Kudwa, spokeswoman for the Homeland Security Dept., said the agency's U.S. Computer Emergency Readiness Team issued a notice to federal departments and other partner organizations about the problems and "advised them of steps to take to help mitigate against such attacks."
New York Stock Exchange spokesman Ray Pellecchia could not confirm the attack, saying the company does not comment on security issues.
Sites Brought Down
Attacks on federal computer networks are common, ranging from nuisance hacking to more serious assaults, sometimes blamed on China. U.S. security officials also worry about cyber attacks from al Qaeda or other terrorists.
This time, two government officials acknowledged that the Treasury and Secret Service sites were brought down and said the agencies were working with their Internet service provider to resolve the problem. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.
Ben Rushlo, director of Internet technologies at Keynote Systems, said problems with the Transportation Dept. site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.
Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.
According to Rushlo, the Transportation Web site was "100% down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday, Internet users were still unable to get to the site 70% of the time.
Web sites of major South Korean government agencies, including the Presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.