Hackers claim hit on CIA website (Update 2)

Jun 16, 2011 by Glenn Chapman
The CIA symbol is shown on the floor of its headquarters in Langley, Virginia. The public website of the US Central Intelligence Agency (CIA) was apparently knocked out of commission by hackers on Wednesday.

A hacker group was brazenly ramping up its antics as waves of cyberattacks targeting even the US spy agency expose how poorly defended many networks are against Internet marauders.

"It's becoming a big problem, because at the end of the day these guys are doing whatever they want," said Panda computer security labs technical director Luis Corrons. "This is showing us that we have a long way to go to protect our systems and our information."

The public website of the US () on Wednesday joined a growing list of hacker targets that has included Sony, The International Monetary Fund, and Citibank.

The CIA told AFP it was looking into reports that cia.gov was knocked offline temporarily by a hacker group calling itself Lulz Security.

Lulz has claimed in recent weeks to have cracked into Sony, Nintendo, the US Senate, the Public Broadcasting System news organization, and an Infragard company that works with the FBI.

The group is flaunting its notoriety with a telephone hotline for people to call and suggest targets for cyberattacks.

"Our number literally has anywhere between five and 20 people ringing it every single second," members of the group said in a message on their @LulzSec Twitter account.

Setting up a telephone hotline was "kind of eccentric" given that the could have easily created an online forum asking for targets, according to Corrons.

"These guys are upsetting a lot of people," Corrons said. "They think they will never be caught, and that could be their biggest mistake."

A hacker group brazenly ramped up its antics as unrelenting waves of cyberattacks expose how poorly defended many networks are against Internet marauders.

Lulz has seized the spotlight amid unrelenting reports of cyberattacks with apparent motivations ranging from spying and profit to glory and activism.

"As we get more connected more of the time, the number of potential attackers is growing because anyone can do it from anywhere in the world," Corrons said. "As the number of potential attackers grows, the number of successful attacks grows."

Hacker group Anonymous, from which Lulz is believed to have formed, gained notoriety with cyberattacks in support of controversial WikiLeaks.

Unlike cyber criminals who amass armies of "zombie" computers by stealthily infecting machines with viruses, people volunteered to install software in support of Anonymous campaigns, according to Corrons.

"Anonymous has been out there for years," Corrons said, noting the group had launched attacks on music or movie firms taking people to task for pirated songs or films.

"When the WikiLeaks case came, they reacted fast and gained a lot of popularity," he said.

Anonymous used a tried and true distributed-denial-of-service (DDoS) attack that overwhelms websites with simultaneous requests for pages or other bits of content.

At times about 5,000 computers, each firing off about 10 requests per second, took aim at websites for Anonymous, according to Spain-based PandaLabs.

The logo of the International Monetary Fund (IMF) at the organization's headquarters in Washington, DC. The International Monetary Fund has joined a growing list of hacking victims that includes the US payroll-handling firm Automatic Data Processing, Sony and Citibank.

"There are not so many people now as there were a few months ago; I see fewer people connected," Corrons said of Anonymous. "Maybe people are realizing that you can protest, but this is not the best way."

Lulz may be related to Anonymous, but its tactics are more sophisticated.

Lulz cracks computer system defenses instead of simply flooding websites with page requests.

"In the Lulz group, they know what they are doing when it comes to breaking into places," Corrons said.

"It's their way to say the security here sucks and we are going to show you why," he continued. "Based on the way they act, I would say they are young people."

Other attacks reported in recent months, such as those on the IMF, weapons maker Lockheed Martin, and Gmail accounts connected to Chinese activists, bore signs of being the work of spies with political or financial objectives.

"This is showing us that we have a long way to go to protect our systems and our infrastructure," Corrons said. "This is a failure from private companies and even security companies -- there is a lot of room to improve."

Explore further: Google Baseline Study aims to define what a healthy human looks like

add to favorites email to friend print save as pdf

Related Stories

LulzSec hackers taunt with telephone hotline

Jun 15, 2011

A hacker group on Wednesday brazenly ramped up its antics as unrelenting waves of cyberattacks expose how poorly defended many networks are against Internet marauders.

Hackers target Bethesda videogame studio

Jun 13, 2011

US videogame studio Bethesda Softworks on Monday said its websites were hit with a cyberattack over the weekend and warned that hackers may have stolen some user data.

'Anonymous' hackers planning 'real-world attacks'

Feb 17, 2011

A computer security firm working to expose members of hacker group "Anonymous" pulled out of a premier industry conference here due to threats of real-world attacks on its employees.

Hackers claim new Sony cyberattack

Jun 03, 2011

Hackers have claimed to have compromised more than one million passwords, email addresses and other information from SonyPictures.com in the latest cyberattack on the Japanese electronics giant.

Wikileaks defenders hack computer security firm

Feb 07, 2011

A hacker group behind online attacks on companies that withdrew services to WikiLeaks busted through the defenses of a computer security firm working with federal agents to expose their identities.

Recommended for you

Study shows role of media in sharing life events

19 hours ago

To share is human. And the means to share personal news—good and bad—have exploded over the last decade, particularly social media and texting. But until now, all research about what is known as "social sharing," or the ...

UK: Former reporter sentenced for phone hacking

Jul 24, 2014

(AP)—A former British tabloid reporter was given a 10-month suspended prison sentence Thursday for his role in the long-running phone hacking scandal that shook Rupert Murdoch's media empire.

Evaluating system security by analyzing spam volume

Jul 24, 2014

The Center for Research on Electronic Commerce (CREC) at The University of Texas at Austin is working to protect consumer data by using a company's spam volume to evaluate its security vulnerability through the SpamRankings.net ...

Surveillance a part of everyday life

Jul 24, 2014

Details of casual conversations and a comprehensive store of 'deleted' information were just some of what Victoria University of Wellington students found during a project to uncover what records companies ...

User comments : 8

Adjust slider to filter visible comments by rank

Display comments: newest first

Doschx
5 / 5 (1) Jun 16, 2011
100 internets to the hacker(s).
People are going to have to come to the realization that anything they do in the modern world is recorded and distributed and that anything they "possess" that has any connection to the internet is really just glorified community property. Learn to live in a glass house or go off the grid. These and the gradient between are the only choices you have.

It does suck that our national defense infrastructure lands high on the list of desirable targets but that's simply the world we live in. Interpol's been hacked too so I'd hazard a guess that this is more widespread than just america. Perhaps this all serves as a DMZ of constant assault that keeps all nation's defenses strong and up to date so that when developed nations finally do clash they'll all stand on an equal footing. Who knows? Nobody knows. That's what's exciting about the future.
Wolf358
3 / 5 (2) Jun 16, 2011
"Computer security" is a fantasy made up for the digital arms race; maybe it's time to try something really different: less secret stuff.
jdbertron
1 / 5 (1) Jun 16, 2011
Protecting systems is easy, and affordable. The problem is cultural.
Skultch
not rated yet Jun 16, 2011
This means nothing. The CIA does not really care. This does not affect their operations in the least. This is a publicity stunt, and nothing more.
Royale
5 / 5 (1) Jun 16, 2011
Yea skultch, honestly. It was a DDoS attack on their public website. Whoopee do. It's not affecting internal operations at all.
El_Nose
not rated yet Jun 16, 2011
this was a website hack -- i am not affiliated with the government -- BUT i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all. If this is not the case -- they deserve to get hacked.
Skultch
not rated yet Jun 16, 2011
i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all.


I was an IT manager in the Army. TS clearance.

The servers for cia(dot)gov probably stand alone. Let's say they do have some unclassified (but confidential) portal on the Internet. VPN with rolling keys is probably mandatory, even for that. Their secret network is probably not accessible from the Internet unless you have an NSA Type 1 encryption device. These things are only available to US govt/military, afaik. Top Secret ? The only access is from a SCIF, which is like an RF blocking bunker with armed guards, and zero connectivity to anything below secret level, and it's even protected from that secret net by some kind of Type 1 tunnel. Even this is usually avoided if at all possible.
poof
not rated yet Jun 19, 2011
i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all.


I was an IT manager in the Army. TS clearance.

The servers for cia(dot)gov probably stand alone. Let's say they do have some unclassified (but confidential) portal on the Internet. VPN with rolling keys is probably mandatory, even for that. Their secret network is probably not accessible from the Internet unless you have an NSA Type 1 encryption device. These things are only available to US govt/military, afaik. Top Secret ? The only access is from a SCIF, which is like an RF blocking bunker with armed guards, and zero connectivity to anything below secret level, and it's even protected from that secret net by some kind of Type 1 tunnel. Even this is usually avoided if at all possible.


This should be the security model for the internet.