Who's behind cyber assaults?

TOKYO — At least 35 government and commercial Web sites in South Korea and the United States came under major attack over the past several days, fueling suspicions of involvement by North Korea or its sympathizers.

In the United States, the attacks targeted Web sites operated by major government agencies, including the departments of Homeland Security and Defense, the Federal Aviation Administration and the Federal Trade Commission, according to several computer-security researchers. The Washington Post's site was also affected.

South Korea's main spy agency, the National Intelligence Service, said in a statement that it believed the attack was carried out "at the level of a certain organization or state," but did not elaborate. The South Korean news agency Yonhap reported that intelligence officials had told South Korean lawmakers that North Korea or its sympathizers were prime suspects in the attacks. A spokesman for the intelligence service said it could not confirm the report.

The attacks were described as a "distributed denial of service," a relatively unsophisticated form of hacking in which personal computers are commanded to overwhelm certain Web sites with a blizzard of data. The effort did not involve the theft of sensitive information or the disabling of crucial operational systems, government and security experts said. But they said it was widespread, resilient and aimed at U.S. and South Korean government Web sites.

South Korea is one of the world's most wired countries, with broadband access in more than 90 percent of homes and Internet data-transfer speeds that are much faster than in most of the United States. Earlier this year, a number of South Korean news organizations reported that North Korea was running a cyberwarfare unit that targets military computer networks in South Korea and the United States.

Experts, however, cautioned against implicating North Korea too soon.

"In the dozens of instances that I worked over the past decade, I cannot recall a single instance in which someone intending to attack came from the source it appeared to have come from," said Dale W. Meyerrose, former chief information officer for the Office of the Director of National Intelligence. "Most attackers in cyberspace try to mask who they really are."

A U.S. government official, speaking on condition of anonymity, said American intelligence and law-enforcement agencies are working to determine the source of the attacks.

Officials declined to confirm the agencies affected by the attack, but according to security researchers and a Korean-language computer-security Web site, the White House site was among the 35 sites hit. A White House official said Tuesday that denial-of-service attacks on federal government Web sites are a regular occurrence and that there have not been any disruptions on White House Web sites recently.

Over the weekend, thousands of computers around the globe were infected with rogue software that told them to repeatedly attempt to access the targeted sites, a tactic aimed at driving up traffic beyond the sites' normal capacity and denying access to legitimate users, according to the researchers, many of whom spoke on condition of anonymity because they are helping with the investigation.

At least one expert described the software as "amateurish," and full of programming errors.

Department of Homeland Security spokeswoman Amy Kudwa said the agency was aware of ongoing attacks and that the government's Computer Emergency Response Team had issued guidance to public- and private-sector Web sites on stemming them.

"We see attacks on federal networks every day, and measures in place have minimized the impact to federal Web sites," Kudwa said.

A U.S. official familiar with the attacks said they were significant in the sense that they were widespread and well-coordinated. In addition to government sites, several commercial sites were attacked, including those operated by Nasdaq and the New York Stock Exchange.

In South Korea, no classified information was compromised during the attacks in the past two days, the country's intelligence agency said, adding that it was cooperating with U.S. officials to track the source of the problem. North Korea in recent months has provoked its neighbors by launching a long-range missile, detonating its second nuclear device and repeatedly threatening war. On the Fourth of July, it launched seven missiles into the Sea of Japan.