CIA website brought down by attack, LulzSec claims responsibility

15 Jun

The CIA website at is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack.

Almost inevitably, fingers are pointing towards the notorious LulzSec hacktivist group who have made a name for themselves recently with a series of attacks against corporations, organisations and websites – sometimes forcing them offline, and on other occasions stealing personal information by exploiting security flaws.

A post to LulzSec’s Twitter feed appears to confirm their participation in the attack:

The Lulz Boat@LulzSec
The Lulz Boat

Tango down – – for the lulz.

LulzSec claims to be exposing security vulnerabilities in websites and organisations for “fun”, but a poll conducted earlier today by Sophos discovered that many don’t believe hacking and denial-of-service attacks to be a laughing matter:

Do you find LulzSec’s activities amusing? (Poll Closed)
Yes, they’re funny. And they’re making a serious point about security. More power to them! 39.57%  (611 votes)

Yes, they’re funny. But I don’t approve of what they’re doing 17.1%  (264 votes)

No, hacking into companies and launching DDoS attacks is no laughing matter 43.33%  (669 votes)

There has been a long catalogue of attacks perpetrated by LulzSec in the last few weeks. For instance, earlier this month, LulzSec hacked into FBI affiliate InfraGard and exposed usernames, passwords and email addresses. The group also posted information about the US Senate’s webservers earlier this week.

While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed.

There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.

With this new attack against the CIA website, you have to ask yourself if LulzSec has finally bitten off more than it can chew. After all, they’ve just poked a very grizzly bear with a pointy stick. LulzSec’s cockiness may be their undoing.

by Graham Cluley on June 15, 2011

Leave a comment

Posted by on June 15, 2011 in Computer Security


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: