Access requests formed by malware crippled the Web sites of South Korea's presidential office, defense ministry, and the National Assembly, the South Korea Communications Commission reported.

The National Intelligence Service in South Korea told South Korean lawmakers Wednesday that North Korea was behind the attacks, according to the AP, citing an aide to one of the lawmakers. NIS, South Korea's spy agency, said it could not confirm the report but was working with officials in the U.S.

The U.S. Department of Homeland Security has issued a notice to federal agencies on handling such attacks. "We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," spokesperson Amy Kudwa told Reuters.

Denial of Service

Both U.S. and South Korean Web sites were hit with denial-of-service attacks. DoS attacks often are intended to prevent a Web site or Internet service from functioning properly, temporarily or indefinitely. A DoS attack overwhelms a target with resource requests for bandwidth or server availability.

Typically, attackers have far less bandwidth per machine and need to band together to facilitate DoS attacks, according to Jose Nazario, a security analyst with Arbor Networks. In this case, 12,000 personal computers in South Korea and 8,000 in the U.S. were hijacked to bring down government, financial institutions, and media Web sites.

Politically motivated DoS attacks have increased around the world both by number and severity, according to Nazario. Notable examples include Olympic Web sites taken down by hackers in Korea in 2002, Web sites in Estonia taken down in April 2007, attacks between Russia and Ukraine, and China's DoS attacks against Cable News Network's Web site.

A security specialist who was part of the team that discovered the McColo spamming botnet has a different take on the attacks. "What confuses this whole image is the suspected political rhetoric, as shown from some press sources regarding North Korea or China," said Jart Armin of HostExploit. "Of course, as this is repeated around the Internet, the word 'suspected' is soon lost in translation."

"In fact these DoS attacks are from remote file inclusion (RFI) hackers using compromised servers in such places as Morocco and Malaysia," Armin added. "The hackers themselves are of Indonesia and Brazil origin, some of which were also clients of 3FN (a rogue ISP that hosts botnets and other illegal malicious content) before their closedown by the FTC."

Restoring Order

DoS attacks violate both the Internet Architecture Board's Internet Proper Use Policy and the acceptable-use policies of nearly all Internet service providers.

ac On Wednesday, most of the more than two dozen Web sites attacked were back to normal, while others were still not up and running at full capacity, thanks to hackers who initiated additional attacks on seven other Web sites, including Ahnlab, a company that provides online security services, according to the Korean press agency Yonhap News.

The NIS said U.S. authorities are cooperating to track down those responsible for the attacks.