NSA’s website goes offline. Human screw-up or DDoS attack?

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

At the time of writing, the NSA’s website has been inaccessible for a few hours.

NSA website down

Inevitably suspicions have been raised that the site could have fallen victim to a distributed denial-of-service attack from hackers making a stand against the surveillance agency, or perhaps a peeved German Chancellor Angela Merkel is simply getting her own back.

nsa-down-170 But we shouldn’t forget that it’s equally possible that someone has screwed-up, or that a technical fault has teken the website offline.

Sign up to our free newsletter.
Security news, advice, and tips.

It shouldn’t be forgotten, of course, that a DDoS attack is a very rudimentary way of striking at a website – and nothing like as serious as if an organisation’s website was compromised, or information stole from a company’s servers.

If it *is* a DDoS attack though, the timing perhaps wouldn’t be surprising. After all, the NSA has a high profile in the news right now.

This weekend, a rally against mass surveillance is taking place this weekend in front of Union Station, Washington, D.C. having gained the support of internet celebrities like Tim Berners-Lee and more traditional Hollywood stars such as Maggie Gyllenhaal and John Cusack.

Stop Watching Us: The Video

To underline what I hope should be obvious – I am in no way suggesting that the organisers of the rally are connected in any way with the NSA website downtime.

Is the NSA’s website disruption due to DDoS-attacking hackers orchestrating a botnet? I think the jury is out, and we shouldn’t rush to jump to that conclusion until the agency itself shares some details publicly about what’s going on.

Update: Some, as the following tweet shows, suggest that the problem is down to a DNS change.

Update 2: The NSA has now issued a statement, reported by ABC News, confirming that they were not the victim of a DDoS attack but instead suffered from an “internal error”:

“NSA.gov was not accessible for several hours tonight because of an internal error that occurred during a scheduled update,” the spy agency said in an emailed statement. “The issue will be resolved this evening. Claims that the outage was caused by a distributed denial of service [DDoS] attack are not true.”


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.