LulzSec Takes Down CIA Website ... On a Dare
The LulzSec logo.
Well, that was impressive.
In what's sure to be among the most brazen cyberattacks in history, the hacker group LulzSec took down the website of the Central Intelligence Agency Wednesday evening (June 15).
"Tango down - cia.gov - for the lulz," tweeted the @lulzsec account at 5:48 p.m. Eastern time.
The security experts who follow LulzSec quickly retweeted that sure enough, the CIA website was down. It came back up between 8 and 9 p.m. Eastern time.
For the past six weeks, LulzSec, or Lulz Security ("lulz" is a common Internet term for "laughs" or "yuks") have been the Internet's merry pranksters, gleefully breaking into large websites and detailing their exploits with witty quips on their Twitter feed and their equally entertaining website.
In the past three days, LulzSec has infiltrated the U.S. Senate website , taken down several online games and taunted the regulars of 4chan, the uncensored online discussion board that spawned Anonymous.
Some security experts have grudgingly admitted to admiring LulzSec, since they expose security weaknesses without doing any real harm.
But taking on the CIA puts LulzSec in a very different game. Attacking a powerful, secretive government agency can only bring the wrath of the U.S. government on them. When you challenge a law-enforcement branch of the U.S. government, it will almost certainly respond with overwhelming force.
How they did it and why
The CIA website almost certainly fell to a distributed denial-of-service (DDoS) attack, which simply bombards a Web server with millions or even billions of unreturnable requests to connect, drowning out legitimate traffic. DDoS attacks usually leave no damage once they're over, but can tie up lots of IT staffers in overtime.
What's impressive about this DDoS attack is that the CIA website would presumably be well guarded against such a pedestrian attack, and that LulzSec thought to be a few individuals could marshal enough firepower to take it down.
Anonymous, which can assemble hundreds or even thousands of individuals to participate in DDoS attacks, has had trouble knocking well-guarded sites offline.
The CIA takedown may have been the result of a taunt by a rival hacker. The Gawker blog reports that a new Twitter user calling himself Quadrapodacone got into a "flame war" with LulzSec Wednesday afternoon.
"DDoS is not hacking, stop calling yourselves hackers, you're giving real hackers a bad name," he called out to them. "Try hitting a hard target like a government agency or a fortune 500 company... chumps."
At 5:32 p.m., Quadrapodacone said to Lulzsec, "Here's a challange... fbi.gov or cia.gov try changing some text or something :P"
Within 15 minutes, the CIA website was offline.
- Bad Hackers Do Good, Warn British Health Service of Security Holes
- 2011 Set to Be Worst Year Ever for Security Breaches
- Cybercrime Blotter: High-Profile Hacks of 2011