 Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:1
 ·Bright House
 ·Sprint Mobile Br..
| Anonymous | cia.gov > null said by ITWorld :Hacktivist collective Anonymous has struck again at the U.S. government, claiming to have taken down cia.gov, the main web site for the Central Intelligence Agency.
The site went down about 3:10 p.m., apparently under a massive distributed denial of service (DDOS) attack.
No specific reason for the attack was announced, nor were any specific groups or individuals within Anonymous named as the attackers. 
cia ya
--
Adopting other people's animosity is The New Stupid. |
|
 fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:13
Bright House Netwo..
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help
| the CIA website
Department of Justice website
Copyright Office website
FBI website
All hacked in the last week by Anonymous.
Conference call between the FBI and Scotland Yard leaked.
Emails from Syrian President leaked.
Frank Wuterich's lawyers' emails leaked.
All by Anonymous.
»www.pcmag.com/article2/0,2817,2400140,00.asp
They make governments, especially the US government, look incompetent.
--
hey Dale |
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 | reply to Noah Vail
When did the attack end (or was defeated) as no problems getting to it tonight?
Blake |
|
1 edit | reply to fatness
Incompetence plays a part, but the basics mechanics internet interaction are inherently broken and insecure for what they're used for today. It's absurd to blame the people who run servers that get attacked for that.
Bandwith is cheap and easily available. Anyone can buy DDoS; botnet use is sold for just this purpose. There's nothing special about taking down a website because it's just so easy now. It's not unusual to see upwards of 10 gigabits of bandwith per second and millions of packets per second in an attack.
If someone wants you down, you will be taken down. Only if you plunk down hundreds of thousands for high-end top of the line mitigation hardware can you possibly hope to negate a determined attacker.
Mostly it's about when the attacker decides to give up, or you negate enough of the malicious traffic in order to come back up. So, the only solutions are after the fact. |
|
|
|
fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:13 Host:
Bright House Netwo..
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help
| said by Pseudonym01:If someone wants you down, you will be taken down. Only if you plunk down hundreds of thousands for high-end top of the line mitigation hardware can you possibly hope to negate a determined attacker.
When you think of the billions spent by the various US 'security' agencies and departments, that amount of money sounds quite small, doesn't it?
--
hey Dale |
|
| Sure. But, you can't buy 500 Cisco mitigation appliances, put them in a row and hope for 500x the effect. There's a limit as to what you can do with current mitigation methods when faced with a large-scale attack.
Given how the CIA's website is probably not hosted deep in Area 51 using alien technology, I'm assuming they're using normal methods.
That doesn't mean incompetence. In the field of webhosting, anyways. |
|
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
| reply to fatness
said by fatness:When you think of the billions spent by the various US 'security' agencies and departments, that amount of money sounds quite small, doesn't it?
Its a simple public information site, so how much is it worth to keep up?
edit - how long was it down for and why did it come back, was the attack derailed or did they stop the attack on their own?
Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:1 Reviews:
·Bright House
·Sprint Mobile Br..
| said by Link Logger:how long was it down for and why did it come back, was the attack derailed or did they stop the attack on their own? The site went offline a bit after 3pm and stayed down for at least 3hrs - 4hrs.
Most likely is that the heaviest DDoS lasted less than an hour.
After that, cia-IT may have decided to keep the site down while they ruled out any possibility of intrusion.
--
Adopting other people's animosity is The New Stupid. |
|
Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:1 Reviews:
·Bright House
·Sprint Mobile Br..
| reply to Pseudonym01
said by Pseudonym01:Incompetence plays a part, but the basics mechanics internet interaction are inherently broken and insecure for what they're used for today.
It's absurd to blame the people who run servers for that. I wouldn't either. I would blame the IT directors and the bean counters, however.
said by Pseudonym01:Bandwith is cheap and easily available. Anyone can buy DDoS; botnet use is sold for just this purpose. There's nothing special about taking down a website because it's just so easy now. It's not unusual to see upwards of 10 gigabits of bandwith per second and millions of packets per second in an attack. If we're speaking about the Anon attacks mentioned by fatness  , we can rule out a botnet. Anon attacks tend to be guided by hand.
You don't need Gb/sec to bring down a firewall. Malformed packets, retrans timeouts and a doz other crafted attacks can be very effective.
One guy could have PDoS'd an edge router if he knew his target and was aware of a vuln.
From what I've seen lately, the companies who manage the borders between the peer providers and the .gov host still have a lot of old hardware in place.
said by Pseudonym01:If someone wants you down, you will be taken down. Only if you plunk down hundreds of thousands for high-end top of the line mitigation hardware can you possibly hope to negate a determined attacker. From the web front end to the border is mostly handled by established companies.
Some are spun out of the Dept of Commerce and other agencies; but are still private companies that compete for contracts.
Not all of them are good choices.
said by Pseudonym01:Mostly it's about when the attacker decides to give up, or you negate enough of the malicious traffic in order to come back up. So, the only solutions are after the fact.
Sometimes. It depends.
There are intervention services that are very effective at mitigating DDoS.
I've watched Anon pass over sites because Akamai was providing the services. It's beyond their usual capability.
But Akamai doesn't come cheap. Someone has to measure cost against risk and make a decision.
And they do.
--
Adopting other people's animosity is The New Stupid. |
|
Noah VailSon made my AvatarPremium
join:2004-12-10
Lorton, VA
kudos:1 Reviews:
·Bright House
·Sprint Mobile Br..
| reply to Noah Vail
CNet posted a synopsis of site attacks.
It's US-Centric so most of the significant events in Brazil, N Africa, E Europe and the Middle east (and there were a lot) - were omitted.
It's still a nice overview however.
--
Adopting other people's animosity is The New Stupid. |
|
1 edit | All though the CIA website was taken down, that STILL DOES NOT mean their Classified servers are down as these are NOT in any way connected to the outside world.
Its bad enough that their website was taken down, but its not all that serious because their classified data systems are still functioning.
So basically, the CIA is not crippled just because their site is down.
If it was their classified SIPRNet (Secret Internet Protocol Router Network) that were to be attacked then this would be more more serious than this. |
|
 JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Everywhere
kudos:1 | Do you think they'd tell us mere mortals if it was? 
That's a 'State Secret', ya know! |
|
| I dont understand....Why cannot the FBI or the Secret Service track these guys down?
Its a joke that this has been happening to almost all US Gov websites and still, the FBI is unable to get these morons. |
|
JuggernautIrreverent or irrelevant?Premium
join:2006-09-05
Everywhere
kudos:1 | Perhaps the correct question is, do they really want to? |
|
fatnesssubtleJanitor
join:2000-11-17
fishing
kudos:13 Host:
Bright House Netwo..
Earthlink DSL
TekSavvy
Forum Feature Requ..
Need Site Help
| reply to Link Logger
said by Link Logger:said by fatness:When you think of the billions spent by the various US 'security' agencies and departments, that amount of money sounds quite small, doesn't it?
Its a simple public information site, so how much is it worth to keep up? How much is it worth for the US government to keep people informed? Are you kidding?
How much did it cost to design and update that site over the years? »www.cia.gov/
There are hundreds of pages on that site with information designed for the public to read. Here's one:
 CIA.png 5266853 bytes
There's a contacts page. You know, so people can actually find how to contact their government. »www.cia.gov/contact-cia/index.html
There's a careers page, including information for students:
I don't think this question about "how much is it worth" gets asked each time a new surveillance/monitoring government program is discussed? Why is that? Are they more important than informing the public?
A group of hackers is showing how weak the defenses are for US government sites. You posted numerous times in multiple topics about Anonymous being on the verge of trouble, biting off more than they could chew, about to be shut down. That hasn't turned out to be the case. Now you're saying that is just isn't worth doing because information being provided to the public isn't really that important.
Anonymous is making the 'security' part of our government look like clowns.
--
hey Dale |
|
| As others have pointed out, does a mere informational website fall under the "security" umbrella, though? It's not like they have a shopping section where you can buy CIA gear, and possible credit cards were exposed.
I won't argue that they need to beef up security in general. But so does the whole internet.
But yeah, it's a cost. vs. benefit situation. This isn't Amazon, where uptime is money.
said by Noah Vail:If we're speaking about the Anon attacks mentioned by fatness , we can rule out a botnet. Anon attacks tend to be guided by hand. The effect is the same however, if not quite as constant as a botnet. And lately there have been attempts to use the unwilling to launch attacks as well, so it's still similar. |
|
 MikePremium,Mod
join:2000-09-17
Pittsburgh, PA | reply to Noah Vail
You mean the marketing honey pot was disrupted? |
|
| I dont know what it is about these Government info systems, but they need to do a better job in security. As we all know by now here on this forum, we read so much articles about the Pentagon or other Government agency systems hacked or breached.
I dont know....But maybe they have lazy IT Security Admins there that need to be FIRED!!!!!!
I got to admit, that the Private Sector companies do a MUCH better job at securing their IT systems.... |
|
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7 | Yeah, the private sector does a stellar job. |
|
 Dude111An Awesome DudePremium
join:2003-08-04
USA
kudos:10
 ·Time Warner VOIP
| reply to fatness
Many believe ANONYMOUS is WORKING WITH THE GOVT! to help ensue total internet lockdown 
IN OTHER WORDS
The stop of FREE INFORMATION BEING SHARED (Giving the elite all the power they need to fuck with ppl at will)
WAKE UP PEOPLE!!!!!!!! |
|
