SEOUL, South Korea
-- A wave of cyberattacks aimed at 27 American and South Korean
government agencies and commercial Web sites temporarily jammed more
than a third of them over the past five days, and several sites in
South Korea came under renewed attack on Thursday.
latest bout of attacks, which affected service on one government and
six commercial Web sites in South Korea, was relatively minor, and all
but one of the sites was fully functional within two hours, an official
from the state-run Korea Communications Commission told The Associated
Officials and computer experts in the United States said
Wednesday that the attacks, which began over the July 4th weekend, were
unsophisticated and on a relatively small scale, and that their origins
had not been determined. They said 50,000 to 65,000 computers had been
commandeered by hackers and ordered to flood specific Web sites with
access requests, causing them to slow or stall. Such robotic networks,
or botnets, can involve more than a million computers.
sites of the Treasury Department, Secret Service, Federal Trade
Commission and Transportation Department were all affected at some
point over the weekend and into this week, The Associated Press
reported Tuesday, citing American officials.
A White House
spokesman, Nick Shapiro, said in a statement on Wednesday that "all
federal Web sites were back up and running" by Tuesday night and that
the White House site had also been attacked.
He said, "The preventative measures in place to deal with frequent attempts to disrupt whitehouse.gov's
service performed as planned, keeping the site stable and available to
the general public, although visitors from regions in Asia may have
The Web site of the New York Stock Exchange also came under attack, as well as the sites of Nasdaq, Yahoo's finance section and The Washington Post.
who are following the attacks said that they began July 4 and focused
on the small group of United States government Web sites, but that the
list later expanded to include commercial sites in the United States
and then commercial and government sites in South Korea. Files stored
on computers that are part of the attacking system show that 27 Web
sites are now targets.
In South Korea, at least 11 major sites
have slowed or crashed since Tuesday, including those of the
presidential Blue House, the Defense Ministry, the National Assembly,
Shinhan Bank, the mass-circulation newspaper Chosun Ilbo and the top
Internet portal Naver.com, according to the government's Korea
Information Security Agency.
On Wednesday, some of the South Korean sites regained service, but others remained unstable or inaccessible.
is not a simple attack by an individual hacker, but appears to be
thoroughly planned and executed by a specific organization or on a
state level," the South Korean spy agency, the National Intelligence
Service, said in a statement, adding that it was cooperating with the
American authorities to investigate the attacks.
The spy agency
said the attacks appeared to have been carried out by a hostile group
or government, and the news agency Yonhap reported that the agency had
implicated North Korea or pro-North Korean groups.
A spokesman at
the intelligence agency said it could not confirm the Yonhap report
about North Korea's possible role. The opposition Democratic Party accused the spy agency of spreading rumors to whip up support for an antiterrorism bill that would give it more power.
most of the North Korean military's hardware is decrepit, the South
Korean authorities have recently expressed concern over possible
cyberattacks from the North. In May, South Korean media reported that
North Korea was running a cyberwarfare unit that operated through the
Chinese Internet network and tried to hack into American and South
Korean military networks. United States computer security researchers
who have examined the attacking software and watched network traffic
played down the sophistication and extent of the attacks.
would call this a garden-variety attack," said Jose Nazario, manager of
security research at Arbor Networks, a network security firm that is
based in Chelmsford, Mass. He said that the attackers were generating
about 23 megabits of data a second, not enough to cause major
disruptions of the Internet at most of the sites that were being
"The code is really pretty elementary in many
respects," he added. "I'm doubting that the author is a computer
science graduate student."
As for possible origins, there were
only hints. One researcher, Joe Stewart, of Secureworks' Counter Threat
Unit in Atlanta, said the attacking software contained the text string
"get/China/DNS," with DNS referring to China's Internet routing system.
He said that it appeared that the data generated by the attacking
program was based on a Korean-language browser.
Amy Kudwa, a Department of Homeland Security
spokeswoman, said that the agency was aware of the attacks and that it
had issued a notice to federal departments and agencies, as well as to
other partner organizations, advising them of steps to take to help