The attacks were a topic of discussion during a press briefing today at the U.S. Department of State, where a reporter pressed the State Department spokesman for details.
". . . The attack against our state.gov website started on July 5th. It’s still ongoing, but I’m told that it’s much reduced right now. The U.S. Computer Emergency Readiness Team is working with the State Department’s Office of the Chief Information Officer, the CIO Office, and also with our Computer Incident Response Team. But I think, as you know, the State Department wasn’t the only target of these attacks," said the spokesman, Ian Kelly.
If only 20,000 compromised computers could be directed to launch a denial-of-service attack against some pretty high-octane web sites (the State Department, the Secret Service, the Treasury Department, etc.) and cripple them for even a short while, one has to wonder if it was merely a dry run for a bigger attack. There's no way to know for sure if the activity was coming from North Korea over the long holiday weekend in the U.S., but the attacks against U.S. web sites happened at the same time North Korea was also testing out missiles. (The cyber attacks may have actually caused more damage.)
For the record, the CRN Test Center's own threat trendspotting network picked up suspicious activity against it during the long holiday weekend from several geographies, including South Korea and China. While suspicious activity from non-proxy IP addresses located in China is an almost daily happening, it is considerably rarer from Korea.
No matter what, it always feels like public sector cybersecurity conferences -- at least those I've been to lately -- leave people shaking their heads over whatever the latest breach has been, with a lot of talk about "being proactive" for next time.