- The Washington Times - Thursday, July 16, 2009

A leading authority on cyberwarfare says the Independence Day attack that knocked some U.S. government Web sites offline was so primitive it could be compared to a modern air force using hot-air balloons instead of planes to attack a foe.

“We should have been able to shrug it off,” James Lewis, project director of the independent blue-ribbon Commission on Cyber Security for the 44th Presidency, told The Washington Times. “The physical equivalent of this would have been an attack using hot-air balloons.”

A senior Department of Homeland Security official, who requested anonymity to speak freely about interagency issues, said the government’s response to the attacks was “beautifully choreographed … everything went well.”

The attacks, which began July 4 and continued through most of last week, targeted 47 Web sites in the United States and South Korea, according to data collected by Shadowserver.org, a group that monitors cyberattacks.

“The attack itself was very minor,” said Marcus Sachs, director of the Internet Storm Center, a volunteer monitoring group run by Web security specialists.

Mr. Sachs said the attacks were “distributed denial of service” (DDOS) attacks, carried out using large networks of computers — known as “botnets” — that have been infected with a software virus without the knowledge of their owners.

Upon a broadcast command, or at a predetermined time, these computers begin bombarding their target Web sites with millions of fake requests for information, overloading them and causing real visitors to the site to experience long delays, or sometimes shutting the Web sites down altogether.

Specialists say it is almost impossible to discover the true origin of such attacks, and although some reports have cited anonymous South Korean intelligence officials as blaming North Korea, none of the specialists who spoke to The Times backed that thesis.

“There’s not a shred of technical evidence it was North Korea,” Mr. Sachs said.

Most of the U.S. sites targeted were only marginally affected, but those of some government agencies, including the Federal Trade Commission and the Secret Service, were temporarily knocked offline.

“It’s pathetic” that some agencies’ Web sites were unable to withstand the attack, Mr. Lewis said.

The Homeland Security official said not all Web sites required the same level of security, and that it was important to distinguish between sites that were just there as a shop window and those with which the public might have to interact, or that housed sensitive or confidential information.

“It makes sense for everyone that Web sites are sized appropriate to their mission,” the official said; “different sites have different resilience needs.”

For a site that was there simply to give information to the public, the key security issue would be integrity — ensuring that the data was accurate and could not be tampered with. Availability — ensuring that everyone was always able to reach the site quickly and easily — would be a secondary issue. “There are different ways to do your risk assessments [about the threat posed by various kinds of cyberattacks] depending on your mission,” the official said.

“DDOS attacks don’t cause any lasting damage,” the official added.
