And there went out another horse that was red: and [power] was given to him that sat thereon to take peace from the earth, and that they should kill one another: and there was given unto him a great sword. (Revelation 6:4)

North Korea blamed for ‘massive’ cyber attacks

Officials eye link after assault took down U.S., S. Korean government sites

MSNBC
July 8, 2009

http://www.msnbc.msn.com/id/31789294/ns/technology_and_science-security/

SEOUL, South Korea - The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than realized, also targeting the White House, the Pentagon and the New York Stock Exchange.

An early analysis of the malicious software used in the attack found its targets also included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post. Many of the organizations appeared to successfully blunt the sustained attacks.

The Associated Press obtained the target list from security experts analyzing the attack. The attack was remarkably successful. Some of the affected government Web sites — such as the Treasury Department, Federal Trade Commission and Secret Service — were still reporting problems days after it started during the July 4 holiday.South Korean intelligence officials believe North Korea or pro-Pyongyang forces committed cyber attacks that paralyzed major South Korean and U.S. government Web sites, aides to two lawmakers said Wednesday.

The sites of 11 South Korean organizations, including the presidential Blue House and the Defense Ministry, went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency. Agency spokeswoman Ahn Jeong-eun said 11 U.S. sites suffered similar problems. She said the agency is investigating the case with police and prosecutors.

Denial of service attackOthers familiar with the U.S. outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke to The Associated Press on condition of anonymity because they were not authorized to speak on the matter.

"It certainly seems to be a well-organized attack," an anonymous government official told The Washington Post. "There are a lot of computers involved. What we don't know is who is orchestrating it."

The Korea Information Security Agency also attributed the attacks to denial of service. Yang Moo-jin, a professor at Seoul's University of North Korean Studies, said he doubts whether the impoverished North has the capability to knock down the Web sites.

But Hong Hyun-ik, an analyst at the Sejong Institute think tank, said the attack could have been done by either North Korea or China, saying he "heard North Korea has been working hard to hack into" South Korean networks.

Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

For instance, last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian security and military intelligence agencies were involved.

N. Korean sympathizers behind attacks?On Wednesday, the National Intelligence Service told a group of South Korean lawmakers it believes that North Korea or North Korean sympathizers "were behind" the attacks, according to an aide to one of lawmakers who was briefed on the information.

An aide to another lawmaker who was briefed also said the NIS suspects North Korea or its followers were responsible.

The aides spoke to The AP on condition of anonymity and refused to allow the names of the lawmakers they work for to be published, citing the classified nature of the information. Both aides told The AP that the information was delivered in writing to lawmakers who serve on the National Assembly's intelligence committee.

The National Intelligence Service — South Korea's main spy agency — declined to confirm the information.

‘Massive outage’Ben Rushlo, director of Internet technologies at Keynote Systems, called it a "massive outage" and said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.