North Korea suspected in cyber attacks

North Korea, which has been firing missiles and spewing threats against the United States, was identified by South Korea's main spy agency Wednesday as a suspect in the cyber attacks targeting government and other Web sites in the U.S. and South Korea.


South Korea's National Intelligence Service told members of parliament's intelligence committee Wednesday that Pyongyang or its sympathizers are believed to be behind the attacks, according to aides to two of the lawmakers. They spoke on condition of anonymity given the classified nature of the information.

The attacks, which began in the U.S. over the July Fourth holiday and in South Korea on Tuesday, were thoroughly prepared and appeared to have been committed by hackers "at the level of a certain organization or state," the intelligence service said. It did not mention North Korea by name.

The outages were caused by so-called denial-of-service attacks in which floods of computers all try to connect to a single site at the same time, overwhelming the server that handles the traffic, the Korea Information Security Agency said.

The U.S. targets included the White House, Pentagon, State Department, Treasury Department, Homeland Security and National Security Agency, in addition to the New York Stock Exchange, Nasdaq stock market and The Washington Post .


As investigators piece together details about one of the most aggressive computer attacks in recent memory, questions abound:

Q: What is a "denial-of-service" attack?

A: Think about what would happen if you and all your friends called the same restaurant repeatedly and ordered things you didn't really want. You'd jam the phone lines and overwhelm the kitchen to the point that it couldn't take any more orders.

That's what happens to Web sites when criminals hit them with denial-of-service attacks. They're knocked offline by too many junk requests from computers controlled by the attackers.

The bad guys' main weapons in such an attack are "botnets," or networks of "zombie" personal computers they've infected with a virus. The virus lets the criminals remotely control innocent people's machines, which are programmed to contact certain Web sites over and over until that overwhelms the servers that host the sites. The servers become too busy to respond to anything, and the Web site slows or stops altogether.

Q: How often does this happen?

A: People try denial-of-service attacks all the time -- many government and private sites report being hit daily. Often the assaults are unsuccessful, because Web sites have ways to identify and intercept malicious traffic. However, sites want to avoid blocking legitimate users, so more often than not, Internet traffic is let through until a problem is spotted.

Often the attacks take a site out for a few hours, before Web site administrators can respond. What made the most recent attack notable is that it was widespread and went on for a while, beginning over the July Fourth holiday weekend and running into this week. It's not yet clear how the attack was able to last that long.

Q: How is it that some organizations appear to have fended off these recent attacks, while other Web sites went down?

A: The sites that went down probably were less prepared, because they are less accustomed to being hit or aren't sensitive enough to warrant extra precautions. Popular Web sites, such as e-commerce and banking sites, are experienced in dealing with denial-of-service attacks, and they have sophisticated software designed to identify malicious traffic.

Q: If these attacks make use of compromised computers, what could I do to prevent that or fix it?

A: If your computer is being used in a denial-of-service attack, you're likely to see a significant slowdown, because your processing power is being siphoned for the assault. But there aren't always obvious signs that your computer has been infected.

So the best thing is to focus on prevention, namely by making sure your antivirus software gets updated over the next few days.

If you're concerned your machine might be infected, it's wise to run an antivirus scan. Many antivirus companies offer a free scan from their Web sites.