N. Korea suspected in Web-site attacks
Government and private sites were affected in U.S., S. Korea. Evidence was still being checked.
WASHINGTON - U.S. authorities yesterday suspected North Korea as the origin of the widespread cyber attack that overwhelmed government Web sites in the United States and South Korea, although they warned it would be difficult to definitively identify the attackers quickly.
The powerful attack that targeted dozens of government and private sites underscored how unevenly prepared the U.S. government is to block such multipronged assaults.
While Web sites of the Treasury Department and Federal Trade Commission were shut down by the software attack, which lasted for days over the holiday weekend, other sites such as those of the Pentagon and the White House were able to fend it off with little disruption.
Among other targets of the most widespread cyber offensive in recent years were the National Security Agency, Homeland Security Department, State Department, Nasdaq, New York Stock Exchange, and Washington Post, according to an early analysis of the software used in the attacks.
The cyber attack did not appear, at least at the outset, to target internal or classified files or systems, but instead was aimed at agencies' public sites, creating a nuisance both for officials and the Web consumers who use the sites.
A possible North Korean link, described by three officials, more firmly connected the U.S. attacks to another wave of cyber assaults that hit government agencies Tuesday in South Korea. The officials said that while Internet addresses have been traced to North Korea, that does not necessarily mean the attack involved the Pyongyang government.
South Korean intelligence officials have identified North Korea as a suspect in the attacks in their country and said that the sophistication of the assault suggested it was carried out at a higher level than just rogue or individual hackers. U.S. officials would not go that far and declined to discuss publicly who might have instigated the intrusion.
The cyber assaults are known as "denial of service" attacks. Such attacks against Web sites are not uncommon; they occur when sites are so deluged with Internet traffic that they are effectively taken off-line.
Mounting such attacks can be relatively easy and inexpensive, using widely available hacking programs, and they become far more serious if hackers infect and tie thousands of computers together into "botnets."
The cyber assault on the White House site had "absolutely no effect on the White House's day-to-day operations," said spokesman Nick Shapiro. He said that preventive measures kept whitehouse.gov stable and available to the general public, but that Internet visitors from Asia might have experienced problems.
All federal Web sites were back up and running, Shapiro said. A State Department spokesman said that agency's site was up but still experiencing problems. A Web site for the U.S. Secret Service had experienced access problems but did not crash, the agency's spokesman said.
"We see attacks on federal networks every single day, and measures in place have minimized the impact to federal Web sites," said Amy Kudwa, spokeswoman for the Department of Homeland Security.
Joe Stewart, director of malware research for the counter-threat unit of SecureWorks Inc., said there was no indication yet of a claim of responsibility hidden anywhere in the program behind the attacks. He and other researchers were analyzing the code for clues to the attacker's identity.
Stewart noted that the attacks on U.S. government sites appeared to expand after the initial assaults over the holiday weekend failed to generate any publicity. He said the "target list" contained in the program's code had only five U.S. government sites on it July 5, but was broadened the next day to include nongovernment sites inside the United States.
The next day, the South Korean Web sites were added. "It seems to me they thought the first round wasn't successful . . . they felt they weren't getting enough attention because nobody was talking about their attacks," Stewart said.
Dale Meyerrose, former chief information officer for the U.S. intelligence community, said that at least one of the federal-agency Web sites got saturated with as many as a million hits per second per attack - amounting to four billion Internet hits at once. He would not identify the agency, but he said the Web site was generally capable of handling a level of about 25,000 users.
Meyerrose, who is now vice president at Harris Corp., said the characteristics of the attack suggested the involvement of 30,000 to 60,000 computers.
Officials both inside and outside government agreed yesterday that the incident brought to the forefront a key 21st-century threat. James Lewis, a senior fellow at the Center for Strategic and International Studies, said the fact that both the White House and Defense Department were attacked but didn't go down pointed to the need for coordinated government network defenses.
"It says that they were ready, and the other guys weren't ready," he said. "We are disorganized. In the event of an attack, some places aren't going to be able to defend themselves."




