Massive Cyber Attack Knocked Out Government Web Sites Starting On July 4
SEOUL, South Korea — North Korea, which has been firing missiles and spewing threats against the United States, has been identified by South Korea's main spy agency as a suspect in the cyber attacks targeting government and other Web sites in the U.S. and South Korea.
North Korea is not known for its computing prowess, but experts said such attacks would be easy _ and cheap _ to mount by hiring outside help.
The attacks began paralyzing Web sites in the U.S. over the July 4 U.S. Independence Day holiday weekend and in South Korea on Tuesday and Wednesday. A South Korean computer security company said that another wave of cyber attacks was expected in South Korea later Thursday.
South Korea's National Intelligence Service told members of parliament's intelligence committee Wednesday that Pyongyang or its sympathizers were believed to be behind the attacks, according to aides to two of the lawmakers. They spoke on condition of anonymity given the classified nature of the information.
The spy agency declined to confirm the information provided by the aides but said in a statement that the sophistication of the attacks suggested they were carried out at a higher level than just rogue or individual hackers.
The attacks were thoroughly prepared and appeared to have been committed by hackers "at the level of a certain organization or state," the statement said. It did not mention North Korea by name.
U.S. authorities also eyed North Korea as the origin of the trouble, though they warned it would be difficult definitely to identify the attackers quickly.
Three officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved Kim Jong Il's government in Pyongyang. They spoke on condition of anonymity because they were not authorized to speak publicly on the matter.
Seoul-based antivirus software developer AhnLab said it has analyzed a virus program that sent floods of Internet traffic to paralyze Web sites in the two countries. It found that sites in South Korea would be targeted in a new wave of attacks from 6 p.m. (0900 GMT) Thursday, spokeswoman Hwang Mi-kyung said.
Seven Web sites are likely to be targeted, including those of the Ministry of Public Administration and Security, Kookmin Bank and the mass-circulation Chosun Ilbo newspaper, she said.
There does not appear to be any evidence that North Korea has ever made overt cyber threats. South Korean media reported in May that the North was running a cyber warfare unit that tries to hack into U.S. and South Korean military networks to gather confidential information and disrupt service.
The finger-pointing at North Korea comes as the communist nation has engaged in a series of threats and provocative actions widely condemned by the international community.
In early April, Pyongyang fired a long-range rocket it said was a satellite but that landed in the Pacific Ocean after flying over Japan. Later that month it threatened to launch an intercontinental ballistic missile and in May carried out an underground nuclear test, its second since 2006.
Last month, the North threatened a "thousand-fold" military retaliation against the U.S. and its allies if provoked.
Then, on July 4, North Korea fired seven ballistic missiles several hundred miles into waters off its east coast in violation of U.N. Security Council resolutions. The launches were its biggest show of missile force since it fired seven missiles while Americans were celebrating Independence Day in 2006.
The latest missile launch came amid speculation, largely driven by a Japanese newspaper report, that North Korea might launch a long-range missile toward Hawaii to coincide with the U.S. Independence Day holiday. U.S. and South Korean defense and intelligence officials, however, said there was no evidence the North was preparing such a launch.
North Korea, an impoverished country that relies on outside aid to feed its people, is not generally regarded as being in the upper tier of cyber-savvy nations like the U.S., South Korea and Japan. Still, it has been encouraging its citizens to embrace more technology, though it's unclear how many North Koreans have access to computers and Internet access is tightly controlled.
So could the North have carried out such an attack _ or hired others to do it?
"That is very possible because those attacks are not very complicated," said Andre Rickardsson, an information technology security expert at Sweden's Bitsec Consulting. "North Korea is a country that sends up rockets and builds nuclear weapons, so why not build a virus? It's not difficult."
Paul Cornish, director of the International Security Program at the Chatham House think tank in London, agreed. "You don't need to amass great armies, it can all be done covertly and cheaply," by hiring outside expertise, he said.
For that, suspicions fell on China, Iran or even organized crime.
Andrew Brookes, a defense analyst with the International Institute of Strategic Studies in London, said countries like Iran and North Korea, as well as terrorist groups, are devoting increasing amounts of resources to cyber and electronic warfare.
"They can't take the West on with conventional tactics, like big armies, big air forces or big navies. Instead, they are trying to look to cheaper activities _ ballistic missiles, work in space, or cyber attacks," he said.
There is likely some collaboration between North Korea, Iran and others on cyber warfare technology, Brooke said, but added that the likeliest culprits in the attacks are small-scale computer hackers rather than hostile governments.
"The choice of targets suggests that whatever group is doing it is sympathetic to North Korea," said Gene Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security.
This could include a "for-hire criminal group paid for by North Korea or sympathizers who could be anywhere in the world, including in South Korea, China, or even the U.S," he said.
The outages were caused by so-called denial of service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the Korea Information Security Agency said.
In South Korea, 12 sites were initially attacked Tuesday, followed by attacks Wednesday on 10 others, including those of government offices, banks, vaccine firms and Web portals, agency official Shin Hwa-su said.
The targets were all sites that could be accessed by the public, including the presidential Blue House, the Defense Ministry and some banks.
The U.S. targets included the White House, Pentagon, State Department, Treasury Department, Homeland Security and National Security Agency, as well as the New York Stock Exchange, Nasdaq stock market and The Washington Post.
Kim Yong-hyun, a professor at Seoul's Dongguk University and an expert on the North, said Pyongyang is believed to have advanced computer technology because the regime has put a key focus on information technology as a way to overcome its economic difficulties.
The country's absolute leader, Kim Jong Il, has been a force behind the push, saying those who don't use computers are among the "three main fools of the 21st century," along with smokers and anyone who doesn't appreciate music.
"If North Korea is found to be behind these attacks, it could mean that it tried to show the U.S. and the South that it has not only military capabilities, but also cyber capabilities to paralyze key facilities," said Kim, the professor in Seoul.
South Korea's main opposition Democratic Party accused the spy agency of leaking unconfirmed information in an attempt to build public support for a set of anti-terrorism bills that have been pending for months in the National Assembly amid opposition objections.
The opposition party claims the anti-terror bills would give the spy agency too much power and could be used as a tool to infringe upon human rights.
Peter Sommer, an expert on cyber-terrorism at the London School of Economics, cautioned against coming to quick conclusions as any instigator would disguise where the attacks were coming from.
"Initial diagnoses are often wrong," he said.
___
Associated Press writers Jae-soon Chang and Wanjin Park in Seoul, Lolita C. Baldor in Washington, Pan Pylas, Gregory Katz, Nardine Saad and David Stringer in London and Karl Ritter in Stockholm contributed to this report.
Loading comments…
KELLY OLSEN | 07/ 8/09 11:46 PM |