July 4th Hacker Attack Targeted Major U.S. Government Sites

South Korean government sites are also struck. Was North Korea to blame?

Sure, most Americans spent last weekend grilling meat, drinking beer and blowing thing up. But the pasty, lonely few that spent Forth of July weekend browsing the websites of the Department of Homeland Security and the Department of Transportation noticed something terribly amiss. Those websites, along with 12 other US government websites along with numerous South Korean government sites were loading very, very slowly, and sometimes, not at all. The culprit? A massive distributed denial-of-service attack.

The DDoS attack shut down the websites of the President, Defense Ministry and the National Assembly of South Korea, as well as the websites of the American Federal Trade Commission, the Treasury Department and Secret Service. The attack were launched by a vast network of zombie computers that simultaneously started to monopolize the bandwidth of the targeted sites.

However, who perpetrated the attacks remains a point of contention. As reported by The New York Times, the South Korean news agency Yonhap quoted Korean intelligence officials who claimed that the attacks originated in North Korea. And this afternoon, Fox News reported that Pentagon sources also blame the North Koreans for the attack.

Of course, not everyone is convinced. According to George Smith, a senior fellow at Globalsecurity.org, Yonhap’s story about North Korean guilt sounds like a story planted by the South Korean spy agency, and isn’t consistent with the cyberwar abilities North Korea has displayed in the past.

“You think this is North Korea? That’s kinda pathetic on their part,” Smith told Popsci.com. “They have nuclear weapons, and they choose to attack by making websites slower? If there hadn’t been news stories, would anyone have noticed? Probably not.”

In fact, some have already proposed an alternative explanation. Rather than North Korea, PC World Magazine claims the South Korean computer security company AhnLab identified a resurgent MyDoom computer virus as the source of the problem. They also quote a South Korean blogger who analyzed the target list in the code of the new MyDoom virus, and found it consistent with the websites attacked over the weekend.

For those who don’t remember, MyDoom emerged in 2004 and quickly became the fastest spreading computer virus of all time. (You can read more about MyDoom in Popsci.com’s Top 10 Computer Virus Countdown).

Regardless of who started the attack, most experts agree that it was fairly insignificant. The attack didn’t slow down any vital internet functions such as stock trading or e-commerce, and didn’t penetrate into areas that hold sensitive data.

“It’s the difference between someone breaking into your house and someone leaving their trashcans in front of your driveway,” said Martin Libicki, a senior policy analyst at the Rand Corporation, told us. “Fascinating, yes. Consequential, that’s another story.”