The hacker group Lulz Security (LulzSec) has claimed it has brought down the public-facing website of the US Central Intelligence Agency. The alleged hack on CIA.gov occurred on the same day that the group opened a telephone request line, enabling its fans to suggest potential targets. The group wrote on its Twitter feed: "Tango down – cia.gov – for the lulz".
The CIA website was inaccessible at times on Wednesday 15th June, but appeared to be back up on Thursday. The hack claim could not immediately be verified.
LulzSec has risen to prominence in recent months by attacking a range of high-profile targets, including Sony, Nintendo, several US broadcasters, and the public-facing web site of the US Senate.
On Wednesday, LulzSec claimed to have launched Denial of Service attacks on several websites in response to suggestions on its "request line", although it gave no details.
Lulz Security attacks:
LulzSec mounts very frequent attacks, with recent targets said to have included:
• May 7: US X Factor contestant database
• May 10: Fox.com user passwords
• May 15: Database listing locations of UK cash machines
• May 23: Sonymusic Japan website
• May 30: US broadcaster PBS. Staff logon information
• June 2: Sonypictures.com user information
• June 3: Infragard website (FBI affiliated organisation)
• June 3: Nintendo.com
• June 10: Pron.com pornographic website
• June 13: Senate.gov – website of US Senate
• June 13: Bethesda software website
• June 14: EVE Online, League of Legends, The Escapist and others
The claim regarding the CIA.gov website emerged a few hours after these last attacks. A CIA spokesman told the Associated Press that the agency was "looking into" the report. LulzSec published details of the telephone hotline on its Twitter feed, with callers to the US number being greeted by a recorded message, in a heavy French accent, from someone calling himself Pierre Dubois.
Lulz Security said it had used distributed denial-of-service attacks (DDoS) against eight sites suggested by callers. DDoS attacks typically involve crashing a website by inundating it with requests from computers under the attacker’s control.
Little is known about Lulz Security, other than their apparent "hacktivist" motivation. The organisations and companies that it targets are often portrayed as having acted against the interests of citizens or consumers.
Its high-profile attack on SonyPictures.com exposed the company’s ongoing inability to secure users’ personal data, LulzSec claimed. Along with Anonymous, LulzSec has raised the profile of hacker groups as a potential threat to online services.
You might not feel that your organisation’s web site is sufficiently high profile to come to the attention of LulzSec, Anonymous or similar groups. Nevertheless, it only takes an individual with sufficient motivation and technical knowledge to mount a successful, targeted attack against a particular web site. There are many examples of corporate web sites in the UK (both public and private sector) having been defaced, often by a hacker with a general grudge against the organisation concerned or by someone who is simply doing it ‘for a laugh’.
If you believe that your web site is not as secure as it could be then Regency IT Consulting are ideally placed to help. We can provide independent, impartial advice on how to tighten up your web site security, based on a tailored threat assessment that helps you to identify the kinds of threat that your organisation might realistically face.