North Korea suspected in U.S., South Korea web attack

WASHINGTON Wed Jul 8, 2009 5:27pm EDT

People watch a television news broadcast about hacker attacks at the Seoul railway station July 8, 2009. REUTERS/Choi Bu-Seok

People watch a television news broadcast about hacker attacks at the Seoul railway station July 8, 2009.

Credit: Reuters/Choi Bu-Seok

WASHINGTON (Reuters) - More than two dozen Internet sites in South Korea and the United States, including the White House, were attacked in recent days by hackers that South Korea's spy agency said may be linked to North Korea.

The attacks began on July 4, the U.S. Independence Day holiday, and were widespread, but government websites were now up and running and day-to-day operations at the White House and Pentagon had not been affected, officials said.

U.S. officials also said it was premature to say who was responsible and that these types of Internet attacks happen everyday on government networks.

South Korea's National Intelligence Service said in a statement that an organization and possibly a state were behind the attacks in South Korea, the world's most wired nation, and there were signs of "meticulous preparations" for the act.

South Korean media, including Yonhap news agency, quoted parliament members as saying after an intelligence briefing that the spy agency believed "North Korea or pro-North elements" were behind the attacks that targeted 26 U.S. and South Korean websites.

In the United States, the NASDAQ stock market said its website and business were unaffected by the attack and the White House said all federal websites were "up and running."

The attack on websites had "absolutely no effect" on day-to-day operations at the White House, spokesman Nick Shapiro said.

"The preventative measures in place to deal with frequent attempts to disrupt WhiteHouse.gov's service performed as planned, keeping the site stable and available to the general public, although visitors from regions in Asia may have been affected," he said.

Other public websites affected included the State, Treasury and Transportation Departments, the Secret Service and the Federal Trade Commission, officials said.

The State Department said the attack against its state.gov website started on July 5. "It's still ongoing, but I'm told that it's much reduced right now," spokesman Ian Kelly said.

SPECULATION ABOUT NORTH KOREA

Rodger Baker, director of East Asia analysis at Stratfor, said the timing of the cyber attacks raised suspicions about North Korea because it was around the U.S. Independence Day holiday and Pyongyang conducting missile tests.

But the attack was more about nuisance and harassment and was "very low in the sophistication scale," he said. "Over the holiday weekend I'm not sure how many people were surfing the Treasury site."

If North Korea was responsible, it would mark an escalation in tensions already high due to the reclusive communist state's nuclear test in May, its firing of seven ballistic missiles in July and repeated attacks on longtime foes Seoul and Washington in its official media.

Access to the Internet is denied to almost everyone in the impoverished North, but intelligence sources in Seoul have said the secretive state has stepped up a unit that specializes in cyber attacks.

Mark Rasch of SecureITExperts said while the cyber attacks were not novel, the targets and coordinated nature of the activity were different.

"This is not something that your average script kitty can do on the one hand. On the other hand it doesn't require it to be state-sponsored," he said.

Tim Stevens, a technology expert at King's College in London, said if North Korea was a source of the attack it was largely symbolic because most of the targets were not critical infrastructure and the stock exchange was closed at the time.

The "denial of service" attack was designed to disrupt rather than penetrate a system to obtain data, he said.

The websites of South Korea's presidential office, Defense Ministry, and the National Assembly were saturated with access requests generated by malicious software on Tuesday, crippling server response to legitimate traffic, South Korea's Communications Commission said in a statement.

News of the attack pushed shares of some online security companies higher on Wednesday, with Ahnlab Inc up by the 15 percent daily limit on the junior Kosdaq market, which ended trading down.

(Additional reporting by Jon Herskovitz, Rhee So-eui, Paul Eckert, Elinor Comlay, David Morgan, William Maclean, Jim Christie, Clare Baldwin; editing by Mohammad Zargham)

Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.