North Korea Suspected in Cyber Attacks (Update: White House Also Targeted)

If the South Korean leak ticker is right about this, ballistic missile tests weren’t the only mischief Kim Jong Il had in mind for us on the Fourth of July:

The sites of 11 South Korean organizations, including the presidential Blue House and the Defense Ministry, went down or had access problems since late Tuesday, according to the state-run Korea Information Security Agency. [AP, Hyung-Jin Kim]

To be precise about it, South Korean intelligence reports, leaked by staffers of National Assembly members, implicate North Korea and/or “pro-Pyongyang forces.” The prevalence of North Korean sympathizers in the South, however, means that the attacks could just as well have been carried out from South Korea itself, or virtually anywhere. Indeed, the suspects are said to include “pro-North Korea forces in South Korea.” Several U.S. government web sites also experienced minor disruptions as a result.

In the U.S., the Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the July 4 holiday weekend and into this week, according to American officials inside and outside the government.

I pity anyone who spent the holiday weekend surfing the Federal Trade Commission web site. The choices of Treasury and Secret Service, however, are particularly suspicious. Treasury has just begun the process of re-unplugging North Korea from the global financial system, and Secret Service has been investigating North Korea’s high-quality counterfeiting of U.S. currency for decades.

Unnamed sources call the denial-of-service attack “unusually lengthy and sophisticated” because it continued to have effects days later. The method of attack was to install a virus in personal computers that caused them to visit the targeted sites, thus overwhelming their bandwidth.

In South Korea, it’s common for a member of the National Assembly with access to intelligence to leak it when doing so serves the member’s political motives.

North Korea, where internet access is virtually non-existent, has long been rumored to employ specially trained hackers and operate a growing military cyber warfare unit, known as Unit 121. Depending on which reports you choose to believe, the strength of that unit is anywhere between 100 and a rather improbable 12,000 personnel. According to unsourced reports, the unit has a history of attacking U.S. government sites. South Korea has also set up a cyber warfare unit, a move that was boosted by revelations that in 2004, hackers based in China hacked into South Korean government computer systems and stole sensitive information.

Update: The target list widens:

The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.

Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.

The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces. [AP, Lolita Baldor]

The State Department, too! Talk about biting the hand that feeds you ….