US, Korean govt websites under cyber-attack

US and South Korean government agencies, including the White House and the Pentagon, have been under sustained cyber-attack over the past five days.

South Korea’s National Intelligence Service (NIS) said North Korea was behind the DDoS attacks, although US experts were not sure.

US officials and security professionals said the attacks on 27 web sites were unsophisticated and relatively small in scale and that their origins had not yet been determined, the New York Times reported.

The attacks hit the Treasury, Secret Service, Federal Trade Commission and Transportation Department web sites in the US, and Korea’s presidential, defense and Foreign Ministry sites.

The attacks stemmed from 50,000 to 65,000 zombie PCs and began on July 4, focusing initially on government and later commercial sites in the US, and then on Korean commercial and government sites.

Files found on zombie computers show that 27 web sites were the targets.

Johannes Ullrich, chief technology officer for the SANS Internet Storm Center, told AFP it was “a pretty massive attack”, but “nothing really terribly sophisticated. It just floods the websites.”

At least 11 South Korean websites have crashed or slowed since Tuesday. By Wednesday most were running normally again.

“This is not a simple attack by an individual hacker, but appears to be thoroughly planned and executed by a specific organization or on a state level,” the NIS said in a statement.

The origins are unclear. The Times said: “Joe Stewart, of Secureworks’ Counter Threat Unit in Atlanta, said the attacking software contained a text string ‘get/China/DNS’, with DNS referring to China’s Internet routing system. He said that it appeared that the data generated by the attacking program was based on a Korean-language browser.”

South Korean web security company AhnLab issued a statement claiming that the code has a schedule function and is poised to continue. The next scheduled attack was set for 6 p.m. on Thursday (0900 GMT) and targeted sites would include banks, major portals and government offices, it said.

“The times and targets could change if a new strain of the computer virus is released,” AhnLab added.