Government Agencies, Washington Post Targeted in Cyberattack

Government Agencies, Washington Post Targeted in Cyberattack
A widespread and coordinated cyberattack during the past few days has targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer security researchers.

The attack involved thousands of computers around the globe infected with rogue software that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on the condition of anonymity because they are helping with the investigation.

Amy Kudwa, a spokeswoman for the Department of Homeland Security, said that the agency was aware of ongoing attacks and that the government's Computer Emergency Response Team had issued guidance to public and private sector Web sites to stem the attacks.

"We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," Kudwa said.

The attack did not penetrate the targeted Web sites, and the attackers did not steal any data. The attack was reported last night by the Associated Press.

"It certainly seems to be a well-organized attack," said a government official familiar with the attack who spoke on the condition of anonymity. "There are a lot of computers involved. What we don't know is who is orchestrating it."

The official said that not knowing who's behind the assault is "problematic" from the standpoint of preventing future attacks. But from the point of view of response, he said, the government and private sector Internet service providers were able to "keep this down to a dull roar."

He said that the attacks were major in the sense that they were widespread and well-coordinated, and that though the FTC Web site was down most of the day Tuesday, "the reality is that most of the Web sites have been up most of the time so the countermeasures have been pretty effective."

Government officials declined last night to confirm the agencies affected by the attack. A White House official said that denial of service attacks on federal government Web sites are a regular occurrence and that there have not been any disruptions on White House Web sites recently.

A total of 26 Web sites were targeted, according to the researchers. In addition to sites run by government agencies, several commercial Web sites were also attacked, including those operated by Nasdaq, the New York Stock Exchange and The Washington Post. Representatives from washingtopost.com could not be reached for comment.

Another security researcher familiar with the attack said there appear to be at least 60,000 infected computers besieging the targeted Web sites. The researcher said a large percentage of those compromised systems were located in South Korea.

Joe Stewart, director of malware research at Atlanta based SecureWorks, said he examined the attack software and found that it contained few clues about its origins, although a line of text buried within the malware carried the cryptic message "get/china/dns." He said the attack is hitting various sites in the U.S. and South Korea simultaneously.

 

 

网络入侵规模化 政府却道是乌有

美国国土安全部、国防部、联邦航空局以及联邦商务委员会正遭受着流氓软件的攻击，据有关计算机安全研究员称，这次攻击，有组织，有规模。

其实，全球数千台电脑正经受着同样的命运。此类流氓软件让中毒的计算机反复尝试前往目标网站，导致该网站的通信量超过它的正常承载能力，让合法用户无法进入。（研究员大多正参与协助调查，故匿名。）

美国国土安全部女发言人埃米•库德娃表示已留意到不断扩大的网络攻击，并称国家计算机紧急反应小组已经向公、私两部门的网站发布了反攻击指导。

“联邦网络每天都遭到攻击，但适当的应对措施将被攻击程度减到最低，”库德娃说。这些攻击并没有深入网站内部，入侵者也没能偷取到任何数据。

 “这看上去就知道是精心策划的，”一位通晓网络攻击的政府官员匿名说，“有许多电脑遭了殃，但我们不知道到底谁是策划者。”这对于如何防止接下来的攻击无疑是“成问题的”，但谈及应对措施，他表示公、私部门的互联网服务提供商有能力“使此次攻击变得无力。”他说，虽然联邦贸易委员会的网站几乎在星期二就瘫痪掉，“但事实上，大多网站很快又恢复正常，因此应对措施还是非常有效的。”

政府官员们拒绝证实政府机构网络遭受到攻击。一位白宫官员说，联邦政府网站拒绝服务是件常事，近来并没有遭到什么破坏。

研究人员称，一共有26个网站成为攻击对象。除官方机构的网络外，一些商业网络同样也受到了侵害，全国证券交易商自动报价系统协会、纽约证券交易所和华盛顿邮报的网络系统就在其中。

另一位熟知这类攻击的网络安全研究员说，估计至少有6万台中毒的计算机正对目标网站形成围攻，照他的说法，组成攻击系统的大部分计算机来自韩国。

美国亚特兰大SecureWorks公司恶意软件研究主任乔•斯图尔特说，他检查了一下那个攻击软件，尽管恶意软件中隐藏着这样一行隐晦的“get/china/dns.”信息，但到底来源何方依旧难以找到线索。而不仅是美国，与此同时，韩国的许多网站也在遭受着这样的网络攻击。