Tuesday, July 7, 2009

Very Interesting: Federal Web sites knocked out by cyber attack

"Verry een-ter-esting."

Hmmm. THIS is, to quote Arte Johnson, "Verry een-ter-esting."

Mike
III

Federal Web sites knocked out by cyber attack

Jul 7 10:04 PM US/Eastern

By LOLITA C. BALDOR


Associated Press Writer

WASHINGTON (AP) - A widespread and unusually resilient computer attack that began July 4 knocked out the Web sites of several government agencies, including some that are responsible for fighting cyber crime, The Associated Press has learned.

The Treasury Department, Secret Service, Federal Trade Commission and Transportation Department Web sites were all down at varying points over the holiday weekend and into this week, according to officials inside and outside the government. Some of the sites were still experiencing problems Tuesday evening.

Federal government officials refused to publicly discuss any details of the cyber attack, and would only generally acknowledge that it occurred. It was not clear whether other government sites also were attacked.

Others familiar with the outage, which is called a denial of service attack, said that the fact that the government Web sites were still being affected three days after it began signaled an unusually lengthy and sophisticated attack. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

The Homeland Security Department confirmed that officials had received reports of "malicious Web activity" and they were investigating the matter, but had no further comment. Two government officials acknowledged that the Treasury and Secret Service sites were brought down, and said the agencies were working with their Internet service provider to resolve the problem.

Ben Rushlo, director of Internet technologies at Keynote Systems, called it a "massive outage" and said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches.

According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.

"This is very strange. You don't see this," he said. "Having something 100 percent down for a 24-hour-plus period is a pretty significant event."

He added that, "The fact that it lasted for so long and that it was so significant in its ability to bring the site down says something about the site's ability to fend off (an attack) or about the severity of the attack."

Denial of service attacks against Web sites are not uncommon, and are usually caused when sites are deluged with Internet traffic so as to effectively take them off-line. Mounting such an attack can be relatively easy using widely available hacking programs, and they can be made far more serious if hackers infect and use thousands of computers tied together into "botnets."

For instance, last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian security and military intelligence agencies were involved.

Documenting cyber attacks against government sites is difficult, and depends heavily on how agencies characterize an incident and how successful or damaging it is.

Government officials routinely say their computers are probed millions of times a day, with many of those being scans that don't trigger any problems. In a June report, the congressional Government Accountability Office said federal agencies reported more than 16,000 threats or incidents last year, roughly three times the amount in 2007. Most of those involved unauthorized access to the system, violations of computer use policies or investigations into potentially harmful incidents.

The Homeland Security Department, meanwhile, says there were 5,499 known breaches of U.S. government computers in 2008, up from 3,928 the previous year, and just 2,172 in 2006.

10 comments:

clell said...

Sounds like a 'gulf of tonklin' incident to me.

armed_and_christian said...

Gov't officials blame North Korea for cyber-attack

Does this mean we get to have a pre-emptive war with N.Korea for harboring cyber-terrorists?

milton f said...

I thought it was the chinese grubbermint that was supposed to come under cyber attack.

Anonymous said...

Largely meaningless as no computing resources of consequence were brought down.

If people can not get the DHS or FTC websites over the weekend the entire world is not going to stop.

Besides they probably only receive several hits a day from people wanting to send resumes to become part of the elite class that has benefits for life if they shill for 5 years.

If somebody can get into these networks and wreak havoc then we have something.

Squanto said...

Yeah, because 12 year old computer nerds are a great reason to go to war. And Eurasia has always been at war with East Asia.

It's a very safe bet to believe anything other than what the gunverment says.

Jesse M. said...

Interesting!

Anonymous said...

ain't it amazin'.

that such an "attack" would occur on a HOLIDAY WEEKEND when .gov offices are closed anyway. don't they NK have a current calender?

what better excuse to implement a new internet security act.

parabarbarian said...

This could just be a bunch of pimply faced adolescents living in the basement and unable to get a date. It could also be an intelligence gathering operation.

A DOS attack is unlikely to succeed but it does cause a flurry of search engine activity from the workstations used by network and systems administrators. An attacker can position his captive sites to appear near the top of particular searches and gain information about systems he might normally never see traffic from.

The high traffic level also overwhelms edge systems in predictable ways. After the attack is over, the responses can be analyzed for hint of how the internal network security is configured.

Anonymous said...

But but but but I thought everybody loved us now that tao has been crowned and apologized for our existence?

deadbolt said...

Look for mass collective punishments soon...a dragnet for the ages!