The White House, State Department and Pentagon websites were among those targeted in a coordinated cyberattack that also crippled sites in South Korea, computer security experts said on Wednesday.
The Department of Homeland Security confirmed that US government and private sector websites had come under so-called “distributed denial of service” (DDoS) attack but declined to identify any of the targeted sites.
A denial of service attack attempts to paralyse a website by overwhelming it with traffic from an army of malware-infected computers known as a “botnet.” It does not involve any theft of data.
“It was a pretty massive attack,” Johannes Ullrich, chief technology officer for the private SANS Internet Storm Center, said of the Internet assault which began over the weekend.
“Nothing really terribly sophisticated. It just floods the websites,” he told AFP. “It prevents the websites from responding. They’re just overloaded with traffic.”
“The only site that was hit pretty bad was the Federal Trade Commission, ftc.gov,” he said.
Ullrich said US government sites which came under attack included the White House, Department of Homeland Security, Department of Transportation, Federal Aviation Administration, National Security Agency, State Department, US Postal Service, US Treasury Department and Voice of America.
A Pentagon site, defenselink.mil, was also targeted, he said, as was a site for US forces in South Korea.
Commander Jeffrey Gordon, a Department of Defense (DoD) spokesman, declined to discuss “specific operations” but said “we continue to protect networks and remain vigilant.”
“There are millions of scans (not intrusion attempts, just scans) of the DoD Global Information Grid per day and we defend in depth every day,” Gordon said. “There has been no impact on Defense Department operations.”
South Korean lawmakers were quoted as saying that South Korea’s intelligence service believes North Korea or its sympathizers may have staged the attack.
“This is not a simple attack by individuals. The attack appeared to have been elaborately prepared and staged by a certain organization or state,” Seoul’s National Intelligence Service (NIS) said in a statement.
The NIS said US authorities were cooperating to track down those responsible for hijacking 12,000 personal computers in South Korea and 8,000 abroad which were exploited as vehicles for the attacks.
Dean Turner, Global Intelligence Network director at security firm Symantec, said a “little over 50,000 machines” may have made up the botnet and the number of US and South Korean websites targeted was “greater than 20.”
State Department spokesman Ian Kelly said an investigation was underway but “we can’t confirm the source of attacks yet.”
Symantec’s Turner cautioned against assigning blame. “We don’t know who is behind this, and we don’t necessarily know what the purpose is either.
“We can say where the attacks are coming from, where those machines are located but that doesn’t give us any visibility into the ‘who.´ The person or persons responsible could be located on the moon.”
As to their effectiveness, Turner said “if the attackers’ goal was to make these sites unavailable for anybody for an extended period of time, or just take them off the Internet, then I wouldn’t say it was terribly successful.
“Some sites were very quick to recover,” he said. “Some sites are still having some difficulties.”
Homeland Security stressed that attacks on US government websites were a daily occurrence.
“We see attacks on federal networks every single day, and measures in place have minimized the impact to federal websites,” spokeswoman Amy Kudwa said.
“As of last night, all federal websites were back up and running,” she said.
Ullrich said private sector sites which came under attack included the New York Stock Exchange (NYSE), the Nasdaq electronic exchange, Web portal Yahoo!, online retail giant Amazon and The Washington Post.
The NYSE confirmed that nyse.com had come under attack but said it “has not experienced any impact.”