CIA website brought down by DDoS attack, LulzSec hackers claim responsibility

The CIA website is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers.

Almost inevitably, fingers are pointing towards the notorious LulzSec hacktivist group who have made a name for themselves recently with a series of attacks against corporations, organisations and websites – sometimes forcing them offline, and on other occasions stealing personal information by exploiting security flaws.

A post to LulzSec’s Twitter feed appears to confirm their participation in the attack:

LulzSec claims to be exposing security vulnerabilities in websites and organisations for “fun”, but a poll conducted earlier today by Sophos discovered that many don’t believe hacking and denial-of-service attacks to be a laughing matter:

There has been a long catalogue of attacks perpetrated by LulzSec in the last few weeks. For instance, earlier this month, LulzSec hacked into FBI affiliate InfraGard and exposed usernames, passwords and email addresses. The group also posted information about the US Senate’s webservers earlier this week.

While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed.

There are responsible ways to inform a business that its website is insecure, or that it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.

Fortunately, the likelihood is that the attack against the CIA’s website has not resulted in any sensitive information being stolen. But that’s not to say that the attack is harmless. The CIA website is a primary method through which the agency communicates with the rest of the world, and it’s not going to take kindly to being forced offline by hackers.

In case anyone’s in any doubt, a denial-of-service attack, like that which appears to have hit the CIA website, is against the law.

With this new attack against the CIA website, you have to ask yourself if LulzSec has finally bitten off more than it can chew. After all, it has just poked a very grizzly bear with a pointy stick. LulzSec’s cockiness may be its undoing.

Update: The CIA website is sporadically accessible again.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
