A powerful Internet attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized: targets included the White House, the Pentagon and the New York Stock Exchange and other official Web sites in the most widespread cyber offensive of recent years.
Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post newspaper, according to an early analysis of the malicious software used in the attacks.
The cyber assault on the White House site had "absolutely no effect on the White House's day-to-day operations," said spokesman Nick Shapiro.
Preventative measures kept the WhiteHouse.gov site "stable and available to the general public," Shapiro said, but Internet visitors from Asia may have experienced problems.
Too early to know origins
South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces, but many experts in cyber warfare said it was simply too early to know where the offensive orginated.
South Korea's National Intelligence Service, its principal spy agency, told South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathizers in the South were behind the attacks, according to an aide to one of the lawmakers briefed on the information.
The aide spoke on condition of anonymity, citing the sensitivity of the information. The intelligence service said it could not immediately confirm the report, but it said it was cooperating with American authorities.
The attacks will be difficult to trace, said Professor Peter Sommer, an expert on cyberterrorism at the London School of Economics. "Even if you are right about the fact of being attacked, initial diagnoses are often wrong," he said Wednesday.
Treasury’s site knocked offline
Many of the U.S. government targets appeared to have blunted the sustained computer assaults successfully. Others, such as the U.S. Treasury Department, were knocked offline at times.
Two government officials acknowledged that Treasury's site was brought down, and said the agency had been working with its Internet service provider to resolve the problem. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.
As of last night, Shapiro said, "all federal Web sites were back up and running." Shapiro said that the Department of Homeland Security "is aware of the DDOS attacks on federal and private sector public-facing Web sites."
Ed Donovan, a spokesman for the U.S. Secret Service, said that the cyber attacks slowed down access to the agency's Web site, which operates on the same computer server as Treasury's site. Secret Service's site remained in operation despite the crippling effects of the cyber offensive, Donovan said.
"Our site was never knocked down, but it was slowed down at points," Donovan said. He added that Secret Service's "operational side" was not affected.
The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might have been responsible or what their motives were.
Public Web sites targeted
The cyber attack did not appear, at least at the outset, to target internal or classified files or systems, but instead aimed at agencies' public Web sites, creating a nusiance both for officials and the Web consumers who use them.
The attacks appeared remarkably successful in limiting public access to victim Web sites, but internal e-mail systems are typically unaffected in such attacks.
Ben Rushlo, director of Internet technologies at Keynote Systems, said problems with the Transportation Department site began Saturday and continued until Monday, while the Federal Trade Commission site was down Sunday and Monday.
Keynote Systems is a mobile and Web site monitoring company based in San Mateo, California. The company publishes data detailing outages on Web sites, including 40 government sites it watches.
According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.
Dale Meyerrose, former chief information officer for the U.S. intelligence community, said at least one of the federal agency Web sites became saturated with as many as a million hits per second per attack — amounting to 4 billion Internet hits at once. He would not identify the agency, but said the Web site generally is capable of handling a level of about 25,000 users at one time.
Meyerrose, who is now vice president at Harris Corp., said federal officials are divided on the whether a botnet was involved, but said the characteristics of the attack suggest the involvement of between 30,000 to 60,000 computers that participated in the assault.
While he said officials were investigating the incident, it appeared one attack occurred on July 4 that some agencies were able to contain, and then a second round came on July 7. Meyerrose said that since the attackers would have used surrogate computers, it is still too early to tell where it originated.
James Lewis, a senior fellow at the Center for Strategic and International Studies, says the fact that both the White House and Defense Department were attacked but did not go down points to the need for coordinated government network defenses.
"It says that they were ready and the other guys weren't ready," he said. "We are disorganized. In the event of an attack some places aren't going to be able to defend themselves."
Attacks on federal computer networks are common, ranging from nuisance hacking to more serious assaults, sometimes blamed on China. U.S. security officials also worry about cyber attacks from al-Qaida or other groups.
Web sites of major South Korean government agencies, including the presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.