U.S. government sites among those hit by cyberattack

Government and private Web sites were recently hit in a cyberattack.
U.S. government Web sites — including those of the White House and the State Department — have been under attack since the Fourth of July, along with financial and commercial sites like Yahoo Finance and the New York Stock Exchange, cybersecurity experts said Wednesday.

The Department of Homeland Security, which is one of the targets, according to a security expert, confirmed that the attacks were taking place.

Web sites in South Korea, including the president’s, were targets of the same attack, said Jose Nazario, manager of security research at Arbor Networks in Ann Arbor, Michigan. The Washington Post said it, too, had been attacked.

There is some indication that the attack comes from China, Nazario said, but he added that he could not be certain of the origin. Even if it is coming from China, it would be difficult to determine whether officials or individual hackers were responsible.

He said the attack was of moderate size, involving “a few tens of thousands” of infected computers “around the world.” “We measured a peak of 25 megabits/second” in data transmission, he said, calling it “about the size of a big PowerPoint presentation, well in the garden variety of what we see.”

But other cybersecurity experts said that even if the current attack was not particularly worrisome, it was a window into potentially more serious problems.

Jim Lewis of the Center for Strategic and International Studies in Washington said that the attack was simple and primitive but that the fact that it worked on some agencies shows the government is still “disorganized.” Some parts of the government were able to “beat this off,” while others haven’t, he said.

“That’s a problem. Everyone is marching to a different drummer,” he said. “We should have been able to beat this back. Someone needs to step back and say why not.”

Alan Paller of the SANS Institute said the attack “is not a small thing.” “This is a harbinger of how people who are angry or at war with us can affect government Web sites,” he said, adding that he did not have direct knowledge of the current attacks.

Disabling a Web site matters, he said. “If people rely on that Web site for information, it’s important. If it stops government from functioning, it matters.”

The top U.S. military officer said Wednesday that cybersecurity is “a growing concern.” “I grow increasingly concerned about the cyber world and the attacks, whether they’re from individual hackers or state entities, and that’s something we all need to be concerned about,” said Adm. Mike Mullen, chairman of the Joint Chiefs of Staff.

The Web sites are facing a “distributed denial of service” attack or, more specifically, an “http flood attack,” in which computers are infected with a virus that makes them repeatedly try to access a Web page. The increased demand can overload the page’s servers, cutting off access.

The malware, or the program that is running the attack, does not seem to be stealing information from the computers it infects or the ones it attacks, Nazario said.

Amy Kudwa, a Department of Homeland Security spokeswoman, said no data has been stolen from any of the government Web sites. She stressed that the attacks were against some of the government’s public Web sites, not internal ones.

People trying to access the affected sites might have had difficulty getting into them or may have found the sites sluggish, she said. Kudwa would not say which government agency sites were affected.

The department warned other federal departments and agencies, as well as partner organizations, about the activity and advised them of steps to take to help mitigate such attacks, she said.
“We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites,” she said.

White House spokesman Nick Shapiro said the “attacks had absolutely no effect on the White House’s day-to-day operations” but added that some “visitors from regions in Asia may have been affected.”

A South Korean presidential office spokesman said the attack on their computers only slowed down the system and caused no damage. Workers are in the process of figuring out where the attack came from, the spokesman said.

Unnamed South Korean parliamentary sources said Wednesday that North Korea appeared to have orchestrated the attack, the official South Korean news agency reported. The sources cited informal reports by the country’s top spy agency.

But Nazario said he had seen “nothing that would suggest that North Korea is an accurate claim.” He said his company was one of many working with “appropriate authorities around the world” to stop the attack. He said that progress was being made but that the attack was not over.

“This is being beaten back, but I see an indication that it might still be going on,” he said. “It appears to be ongoing.”