Hackers claim hit on CIA website (Update 2)

June 16, 2011 by Glenn Chapman
The CIA symbol is shown on the floor of its headquarters in Langley, Virginia. The public website of the US Central Intelligence Agency (CIA) was apparently knocked out of commission by hackers on Wednesday.

A hacker group was brazenly ramping up its antics as waves of cyberattacks targeting even the US spy agency expose how poorly defended many networks are against Internet marauders.

"It's becoming a big problem, because at the end of the day these guys are doing whatever they want," said Panda computer security labs technical director Luis Corrons. "This is showing us that we have a long way to go to protect our systems and our information."

The public website of the US () on Wednesday joined a growing list of hacker targets that has included Sony, The International Monetary Fund, and Citibank.

The CIA told AFP it was looking into reports that cia.gov was knocked offline temporarily by a hacker group calling itself Lulz Security.

Lulz has claimed in recent weeks to have cracked into Sony, Nintendo, the US Senate, the Public Broadcasting System news organization, and an Infragard company that works with the FBI.

The group is flaunting its notoriety with a telephone hotline for people to call and suggest targets for cyberattacks.

"Our number literally has anywhere between five and 20 people ringing it every single second," members of the group said in a message on their @LulzSec Twitter account.

Setting up a telephone hotline was "kind of eccentric" given that the could have easily created an online forum asking for targets, according to Corrons.

"These guys are upsetting a lot of people," Corrons said. "They think they will never be caught, and that could be their biggest mistake."

A hacker group brazenly ramped up its antics as unrelenting waves of cyberattacks expose how poorly defended many networks are against Internet marauders.

Lulz has seized the spotlight amid unrelenting reports of cyberattacks with apparent motivations ranging from spying and profit to glory and activism.

"As we get more connected more of the time, the number of potential attackers is growing because anyone can do it from anywhere in the world," Corrons said. "As the number of potential attackers grows, the number of successful attacks grows."

Hacker group Anonymous, from which Lulz is believed to have formed, gained notoriety with cyberattacks in support of controversial WikiLeaks.

Unlike cyber criminals who amass armies of "zombie" computers by stealthily infecting machines with viruses, people volunteered to install software in support of Anonymous campaigns, according to Corrons.

"Anonymous has been out there for years," Corrons said, noting the group had launched attacks on music or movie firms taking people to task for pirated songs or films.

"When the WikiLeaks case came, they reacted fast and gained a lot of popularity," he said.

Anonymous used a tried and true distributed-denial-of-service (DDoS) attack that overwhelms websites with simultaneous requests for pages or other bits of content.

At times about 5,000 computers, each firing off about 10 requests per second, took aim at websites for Anonymous, according to Spain-based PandaLabs.

The logo of the International Monetary Fund (IMF) at the organization's headquarters in Washington, DC. The International Monetary Fund has joined a growing list of hacking victims that includes the US payroll-handling firm Automatic Data Processing, Sony and Citibank.

"There are not so many people now as there were a few months ago; I see fewer people connected," Corrons said of Anonymous. "Maybe people are realizing that you can protest, but this is not the best way."

Lulz may be related to Anonymous, but its tactics are more sophisticated.

Lulz cracks computer system defenses instead of simply flooding websites with page requests.

"In the Lulz group, they know what they are doing when it comes to breaking into places," Corrons said.

"It's their way to say the security here sucks and we are going to show you why," he continued. "Based on the way they act, I would say they are young people."

Other attacks reported in recent months, such as those on the IMF, weapons maker Lockheed Martin, and Gmail accounts connected to Chinese activists, bore signs of being the work of spies with political or financial objectives.

"This is showing us that we have a long way to go to protect our systems and our infrastructure," Corrons said. "This is a failure from private companies and even security companies -- there is a lot of room to improve."

Explore further: Some glitches seen in deadline week for 'Obamacare' sign-ups

Related Stories

Snow grounds flights at Dutch airports

December 11, 2017

Snow wreaked havoc in the low-lying Netherlands on Monday, closing down Eindhoven airport completely, shutting schools and leading to transport chaos with hundreds of flights and trains cancelled or delayed.

Tech titans ramp up tools to win over children

December 10, 2017

From smartphone messaging tailored for tikes to computers for classrooms, technology titans are weaving their way into childhoods to form lifelong bonds, raising hackles of advocacy groups.

Recommended for you

A not-quite-random walk demystifies the algorithm

December 15, 2017

The algorithm is having a cultural moment. Originally a math and computer science term, algorithms are now used to account for everything from military drone strikes and financial market forecasts to Google search results.

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

FCC votes along party lines to end 'net neutrality' (Update)

December 14, 2017

The Federal Communications Commission repealed the Obama-era "net neutrality" rules Thursday, giving internet service providers like Verizon, Comcast and AT&T a free hand to slow or block websites and apps as they see fit ...

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

8 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

Doschx
5 / 5 (1) Jun 16, 2011
100 internets to the hacker(s).
People are going to have to come to the realization that anything they do in the modern world is recorded and distributed and that anything they "possess" that has any connection to the internet is really just glorified community property. Learn to live in a glass house or go off the grid. These and the gradient between are the only choices you have.

It does suck that our national defense infrastructure lands high on the list of desirable targets but that's simply the world we live in. Interpol's been hacked too so I'd hazard a guess that this is more widespread than just america. Perhaps this all serves as a DMZ of constant assault that keeps all nation's defenses strong and up to date so that when developed nations finally do clash they'll all stand on an equal footing. Who knows? Nobody knows. That's what's exciting about the future.
Wolf358
3 / 5 (2) Jun 16, 2011
"Computer security" is a fantasy made up for the digital arms race; maybe it's time to try something really different: less secret stuff.
jdbertron
1 / 5 (1) Jun 16, 2011
Protecting systems is easy, and affordable. The problem is cultural.
Skultch
not rated yet Jun 16, 2011
This means nothing. The CIA does not really care. This does not affect their operations in the least. This is a publicity stunt, and nothing more.
Royale
5 / 5 (1) Jun 16, 2011
Yea skultch, honestly. It was a DDoS attack on their public website. Whoopee do. It's not affecting internal operations at all.
El_Nose
not rated yet Jun 16, 2011
this was a website hack -- i am not affiliated with the government -- BUT i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all. If this is not the case -- they deserve to get hacked.
Skultch
not rated yet Jun 16, 2011
i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all.


I was an IT manager in the Army. TS clearance.

The servers for cia(dot)gov probably stand alone. Let's say they do have some unclassified (but confidential) portal on the Internet. VPN with rolling keys is probably mandatory, even for that. Their secret network is probably not accessible from the Internet unless you have an NSA Type 1 encryption device. These things are only available to US govt/military, afaik. Top Secret ? The only access is from a SCIF, which is like an RF blocking bunker with armed guards, and zero connectivity to anything below secret level, and it's even protected from that secret net by some kind of Type 1 tunnel. Even this is usually avoided if at all possible.
poof
not rated yet Jun 19, 2011
i would guess that truely secret stuff at the CIA is on an internal network that has no access to the internet at all.


I was an IT manager in the Army. TS clearance.

The servers for cia(dot)gov probably stand alone. Let's say they do have some unclassified (but confidential) portal on the Internet. VPN with rolling keys is probably mandatory, even for that. Their secret network is probably not accessible from the Internet unless you have an NSA Type 1 encryption device. These things are only available to US govt/military, afaik. Top Secret ? The only access is from a SCIF, which is like an RF blocking bunker with armed guards, and zero connectivity to anything below secret level, and it's even protected from that secret net by some kind of Type 1 tunnel. Even this is usually avoided if at all possible.


This should be the security model for the internet.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.