Experts work to untangle US, South Korea cyber attack, disagree over extent of Pyongyang ties

Experts work to untangle US, Korea cyber attack

WASHINGTON — U.S. authorities trying to unravel the widespread cyber attacks against government Web sites in America and South Korea this week are facing a lengthy, complex investigation that may never identify a culprit, at least not one they would be willing to reveal.

Cyber experts familiar with the ongoing probe are divided over the extent of North Korean involvement, split between those who believe hackers may have simply used zombie computers in the region and those who think the communist nation has moved to the digital battlefield.

Active involvement by North Korea would signal a new advancement by the nuclear-ambitioned nation.

If Pyongyang is behind the attacks, “it probably establishes a new pattern of behavior,” said Rod Beckstrom, former head of the nation’s cybersecurity center. “If this is them, they are now in the club. And they’re probably only going to get better.”

Effects of the outage lingered Thursday, as State Department spokesman Ian Kelly said that cyber attacks on the department’s computers continued, though not at the high volume seen in the first wave of the assault. A new wave of computer attacks also battered government sites in South Korea but did not knock them offline.

“We are taking measures to deal with this and any potential new attacks,” Kelly said.

Investigators in both the U.S. and South Korea face a steep task in trying to trace the attack to its source. The assault involved more than 100,000 zombie computers linked together in a network known as a “botnet.” Most of those computers were in South Korea, but others were in Japan, China, the U.S. and possibly other countries.

Analysts and former government officials on Thursday said the effort to find the culprit in the wave of Web attacks would be a multi-pronged federal investigation that includes agents lurking in nefarious cyber chat rooms seeking tips on the attackers, and analysts poring over the computer code looking for digital fingerprints.

Beckstrom, now head of the Internet’s key oversight agency, the Marina del Rey, Calif.-based Internet Corporation for Assigned Names and Numbers, said Thursday the attacks lacked sophistication and was just a “basic hack job” a smart teenager could have launched. But others suggest it displayed characteristics of a higher level, more coordinated effort.

“Just from looking at footprint, it was Bigfoot, not Bambi,” said Charles Dodd, founder and chief technology officer for Nicor Cyber Security.

The assault began July 4 and targeted dozens of government and private sites in the U.S., including some federal agencies that were shut down for days as the attack continued into Tuesday.

Treasury Department and Federal Trade Commission Web sites were knocked out by the blizzard of digital requests, while others such as the Pentagon and the White House were able to fend it off with little disruption.

Robertson reported from San Jose, Calif.