Public website of the Central Intelligence Agency went down on Wednesday evening as the hacker group Lulz Security said it had launched an attack.
Lulz Security has claimed responsibility for recent attacks on the Senate, Sony Corp, News Corp and the U.S. Public Broadcasting System television network.
The CIA site initially could not be accessed from New York to San Francisco, and Bangalore to London. Later in the evening service was sporadic.
"We are looking into these reports," a CIA spokeswoman said.
Lulz Security has defaced websites, posted personal information about customers and site administrators, and disclosed the network configurations of some sites.
Security analysts have downplayed the significance of these attacks, saying the hackers are just looking to show off and get as much attention as possible.
In the case of the CIA attack, hackers would not be able to access sensitive data by breaking into the agency's public website, said Jeffrey Carr, author of the book Inside Cyber Warfare: Mapping the Cyber Underworld.
Hacker group Anonymous, from which Lulz is believed to have formed, gained notoriety with cyberattacks in support of controversial website WikiLeaks.
Unlike cyber criminals who amass armies of "zombie" computers by stealthily infecting machines with viruses, people volunteered to install software in support of Anonymous campaigns, according to Corrons.
"Anonymous has been out there for years," Corrons said, noting the group had launched attacks on music or movie firms taking people to task for pirated songs or films.
"When the WikiLeaks case came, they reacted fast and gained a lot of popularity," he said.
Anonymous used a tried and true distributed-denial-of-service (DDoS) attack that overwhelms websites with simultaneous requests for pages or other bits of content.
At times about 5,000 computers, each firing off about 10 requests per second, took aim at websites for Anonymous, according to Spain-based PandaLabs.
"There are not so many people now as there were a few months ago; I see fewer people connected," Corrons said of Anonymous. "Maybe people are realizing that you can protest, but this is not the best way."
Lulz may be related to Anonymous, but its tactics are more sophisticated.
Lulz cracks computer system defenses instead of simply flooding websites with page requests.
"In the Lulz group, they know what they are doing when it comes to breaking into places," Corrons said.
"It's their way to say the security here sucks and we are going to show you why," he continued. "Based on the way they act, I would say they are young people."
Other attacks reported in recent months, such as those on the IMF, weapons maker Lockheed Martin, and Gmail accounts connected to Chinese activists, bore signs of being the work of spies with political or financial objectives.
"This is showing us that we have a long way to go to protect our systems and our infrastructure," Corrons said. "This is a failure from private companies and even security companies -- there is a lot of room to improve.
No comments:
Post a Comment