North Korea Blamed For Cyberattacks On U.S., South Korea

A malicious cyberattack thought to be launched from North Korea targeted South Korean and U.S. government computers on Monday and Tuesday, shutting down Web sites of the White House, the Pentagon and the New York Stock Exchange, The Wall Street Journal reported.

Specifically, hackers leveraged more than 20,000 computers compromised in a global botnet to launch a massive denial of service attack -- attacks that effectively block users' access to the Web sites -- that targeted both U.S. and South Korean government Web sites, security experts said.

South Korean National Intelligence Service issued a statement saying they suspected the denial of service attacks were politically motivated and sourced from North Korea or that North Korean sympathizers were behind the series of denial of service attacks that blocked access to numerous government and banking Web sites Tuesday.

Altogether, the attack blocked access on 26 Web sites in both the U.S. and South Korea, including the office of South Korea's president and the defense ministry, according to a statement issued by the South Korean National Intelligence Service.

Among the computer systems hit the hardest in the U.S. were those of the Department of Transportation and the Treasury Department, which were shut down for two days on Monday and Tuesday. Both federal agencies said that they were working with members of the U.S. Computer Emergency Readiness Team to deal with the technical issues. Other U.S. government agencies targeted in the attack included the National Security Agency, the Federal Aviation Administration, the Department of Homeland Security, the Nasdaq stock market and The Washington Post.

Mandeep Khera, chief marketing officer for security company Cenzic, confirmed that the attacks appeared to come from outside the U.S., but said that so far security experts were unable to determine if the attacks specifically came from North Korea.

"We can extrapolate that it was a politically driven attack, or an organized mob attack from any of the foreign countries," Khera said.

Denial of service attacks occur when hackers flood Web sites with more information than they can handle in order to shut them down.

Many of the U.S. agencies have reinstated Web service since the attacks were launched Monday and Tuesday, and many of the targeted agencies were able to successfully protect their networks from being pummeled during the course of the sustained attack.

However, Khera said that the fact that a relatively simple denial of service attack could shut down several government Web sites reveals severe weaknesses in the U.S. cyberinfrastructure, which have yet to be seriously addressed.

"The Web sites for both government and commercial organizations are the weakest link. We're still not taking it very seriously," Khera said. "We know that hackers have been trying to attack different government agencies for a while. My suspicion is a lot of attacks are going through that we're not hearing about."

However, Khera said that could change as politically motivated hackers determine where the weaknesses are in U.S. cybernetworks and subsequently launch malware that can access highly classified information or shut down the nation's basic infrastructure.

"We've just been hit by a small asteroid," he said. "If we have a huge asteroid that hits in the next few months, we'll feel the pain."

Tweet

   

More Security