The CIA website at cia.gov is currently inaccessible, having apparently fallen foul of a distributed denial-of-service (DDoS) attack by hackers.
Almost inevitably, fingers are pointing towards the notorious LulzSec hacktivist group who have made a name for themselves recently with a series of attacks against corporations, organisations and websites – sometimes forcing them offline, and on other occasions stealing personal information by exploiting security flaws.
A post to LulzSec’s Twitter feed appears to confirm their participation in the attack:
https://twitter.com/LulzSec/status/81115804636155906
LulzSec claims to be exposing security vulnerabilities in websites and organisations for “fun”, but a poll conducted earlier today by Sophos discovered that many don’t believe hacking and denial-of-service attacks to be a laughing matter.
There has been a long catalogue of attacks perpetrated by LulzSec in the last few weeks. For instance, earlier this month, LulzSec hacked into FBI affiliate InfraGard and exposed usernames, passwords and email addresses. The group also posted information about the US Senate’s webservers earlier this week.
While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed.
There are responsible ways to inform a business that its website is insecure, or that it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.
Fortunately, the likelihood is that the attack against the CIA’s website has not resulted in any sensitive information being stolen. But that’s not to say that the attack is harmless. The CIA website is a primary method through which the agency communicates with the rest of the world, and it’s not going to take kindly to being forced offline by hackers.
In case anyone’s in any doubt, a denial-of-service attack, like the one that appears to have hit the CIA website, is against the law.
With this new attack against the CIA website, you have to ask yourself if LulzSec has finally bitten off more than it can chew. After all, it has just poked a very grizzly bear with a pointy stick. LulzSec’s cockiness may be its undoing.
Update: The CIA website is sporadically accessible again.