LulzSec Takes Down CIA Website ... On a Dare

Paul Wagenseil, SecurityNewsDaily managing editor
June 15 2011 07:52 PM ET
lulzsec-1101513-02
The LulzSec logo.
CREDIT: Twitter

Well, that was impressive.

In what's sure to be among the most brazen cyberattacks in history, the hacker group LulzSec took down the website of the Central Intelligence Agency Wednesday evening (June 15).

"Tango down - cia.gov - for the lulz," tweeted the @lulzsec account at 5:48 p.m. Eastern time.

The security experts who follow LulzSec quickly retweeted that sure enough, the CIA website was down. It came back up between 8 and 9 p.m. Eastern time.

For the past six weeks, LulzSec, or Lulz Security ("lulz" is a common Internet term for "laughs" or "yuks") have been the Internet's merry pranksters, gleefully breaking into large websites and detailing their exploits with witty quips on their Twitter feed and their equally entertaining website.

In the past three days, LulzSec has infiltrated the U.S. Senate website , taken down several online games and taunted the regulars of 4chan, the uncensored online discussion board that spawned Anonymous.

Some security experts have grudgingly admitted to admiring LulzSec, since they expose security weaknesses without doing any real harm.

But taking on the CIA puts LulzSec in a very different game. Attacking a powerful, secretive government agency can only bring the wrath of the U.S. government on them. When you challenge a law-enforcement branch of the U.S. government, it will almost certainly respond with overwhelming force.

How they did it and why

The CIA website almost certainly fell to a distributed denial-of-service (DDoS) attack, which simply bombards a Web server with millions or even billions of unreturnable requests to connect, drowning out legitimate traffic. DDoS attacks usually leave no damage once they're over, but can tie up lots of IT staffers in overtime.

Video
Hackers Who 'Wreaked Havoc' at Sony Jailed in UK
Hackers Who 'Wreaked Havoc' at Sony Jailed in UK
Four are men sentenced to jail for a hacking spree that caused millions of dollars of damage. Powered by NewsLook.
View Video

What's impressive about this DDoS attack is that the CIA website would presumably be well guarded against such a pedestrian attack, and that LulzSec thought to be a few individuals could marshal enough firepower to take it down.

Anonymous, which can assemble hundreds or even thousands of individuals to participate in DDoS attacks, has had trouble knocking well-guarded sites offline.

The CIA takedown may have been the result of a taunt by a rival hacker. The Gawker blog reports that a new Twitter user calling himself Quadrapodacone got into a "flame war" with LulzSec Wednesday afternoon.

"DDoS is not hacking, stop calling yourselves hackers, you're giving real hackers a bad name," he called out to them. "Try hitting a hard target like a government agency or a fortune 500 company... chumps."

At 5:32 p.m., Quadrapodacone said to Lulzsec, "Here's a challange... fbi.gov or cia.gov try changing some text or something :P"

Within 15 minutes, the CIA website was offline.

premium-security-suite

Video
Apple Unlocks iPhone 4 and IBM Celebrates 100 Years
Apple Unlocks iPhone 4 and IBM Celebrates 100 Years
Review of CyberPatrol
Review of CyberPatrol
Review of Web Easy Professional
Review of Web Easy Professional
Review of goEmerchant
Review of goEmerchant
Company Company Info About the Site Contact Us Advertise with Us Using our Content Licensing & Reprints Privacy Policy Sitemap
Network TopTenREVIEWS LiveScience SPACE.com LaptopMag TechNewsDaily Newsarama BusinessNewsDaily Herman Street
Follow TechNewsDaily Join Our Mailing List
Copyright © 2013 All Rights Reserved.