The CIA website at cia.gov is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack.
Almost inevitably, fingers are pointing towards the notorious LulzSec hacktivist group who have made a name for themselves recently with a series of attacks against corporations, organisations and websites – sometimes forcing them offline, and on other occasions stealing personal information by exploiting security flaws.
A post to LulzSec’s Twitter feed appears to confirm their participation in the attack:
LulzSec claims to be exposing security vulnerabilities in websites and organisations for “fun”, but a poll conducted earlier today by Sophos discovered that many don’t believe hacking and denial-of-service attacks to be a laughing matter:
There has been a long catalogue of attacks perpetrated by LulzSec in the last few weeks. For instance, earlier this month, LulzSec hacked into FBI affiliate InfraGard and exposed usernames, passwords and email addresses. The group also posted information about the US Senate’s webservers earlier this week.
While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed.
There are responsible ways to inform a business that its website is insecure, or that it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.
With this new attack against the CIA website, you have to ask yourself if LulzSec has finally bitten off more than it can chew. After all, they’ve just poked a very grizzly bear with a pointy stick. LulzSec’s cockiness may be their undoing.
by Graham Cluley on June 15, 2011