E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.		 LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


CIA HACK EXPOSES AGENCY'S COMPUTER SYSTEM VULNERABILITY TO ATTACK

Source: Examiner.com

Posted on February 20, 2012

The CIA website was hit in a series of attacks conducted by the elusive hacker group that previously targeted US law enforcement agencies in response to the "crack down" of Occupy movement protestors. As reported earlier, Anonymous took credit for hitting the websites of the US Department of Homeland Security, which was quickly revived, and the FBI.

The CIA seems less prepared for fighting Anonymous than other agencies as it's website fell rather quickly according to various reports. If the work of dhs.gov was revived in mere minutes, the CIA's site was still down hours after the attacks.

JUST FOR LAUGHS?

One of the twitter accounts affiliated with Anonymous explained the reasons of the attack: "We do it for the lulz," referring to the popular online abbreviation "for laughs."

In previous occasions Anonymous has orchestrated attacks against websites using what are called "distributed denial of services attacks". The technique also known as a DDoS, is a concentrated effort by multiple individuals to make a network busy to its intended users.

A denial-of-service attack (DoS attack) or "distributed denial-of-service attack" (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.

The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.

The United States Computer Emergency Readiness Team (US-CERT) defines symptoms of denial-of-service attacks to include:
• Unusually slow network performance (opening files or accessing web sites);
• Unavailability of a particular web site;
• Inability to access any web site;
• Dramatic increase in the number of spam emails received--(this type of DoS attack is considered an e-mail bomb)

Denial-of-service attacks can also lead to problems in the network 'branches' around the actual computer being attacked. For example, the bandwidth of a router between the Internet and a LAN may be consumed by an attack, compromising not only the intended computer, but also the entire network.

If the attack is conducted on a sufficiently large scale, entire geographical regions of Internet connectivity can be "compromised" without the attacker's knowledge or intent by incorrectly configured or flimsy network infrastructure equipment.

"Computers are basically overwhelmed in such attacks", says Jack Smack, a teen hacker in Charlotte, N.C. Even though DDoS attacks are a violation of the Internet Architecture Board's proper use policy, it has become an effective tool for Anonymous to target law enforcement authorities and drug cartels.

This is not the first time Anonymous takes down cia.gov. In June, as part of a 51-day-long hacking spree, the Anonymous affiliated group LulzSec took down the CIA's site for a few hours. The reason was the same as today: "For the lulz."

Two weeks ago, the online group also released an audio of a conference call between the US Federal Bureau of Investigation and Britain's Scotland Yard counterpart targeting members of the largely untraceable group.

It was done as part of the F*ckFBIFriday campaign, hackers downed the official website for the Central Intelligence Agency of the United States cia.gov.

At approximately 3:10 p.m. Eastern standard time one of twitter accounts related to the hackers' group announced "cia.gov DOWN. #UMAD?#Anonymous."

"This was meant to convey a message", said Whitey Neumann of Charlotte, who has been studying the tactics of Anonymous in an attempt to better understand the group.

Last week we found out the FBI also got hacked.

Along with the "top secret audio leaks", numerous other sites fell victim to Anonymous' hack attacks including entertainment corporations and government sites.

The websites for the US Department of Justice and Universal Music Group were among the first to go, with the sites for US Copyright Office, Warner Music, BMI, and RIAA following suit shortly after.

These attacks were in retaliation for a raid on "Megaupload", where the feds raided the file sharing service site which led to more than 20 warrants being served and several arrests internationally. This was viewed unfavorably by members of Anonymous.

Anonymous is completely decentralized and its members operate covertly. Members of Anonymous could be anywhere, could be anyone. Traditionally known as F*ckFBIFriday, into F*ckCIAFriday, as hackers shut down the official website for the Central Intelligence Agency of the United States cia.gov.

At approximately 3:10 p.m. Eastern time one of twitter accounts related to the hackers' group announced "cia.gov DOWN. #UMAD?#Anonymous." This corresponded to the time when the CIA was attacked.

CIA VULNERABLITY ON DISPLAY FOR THE WHOLE WORD TO SEE

"It must be hugely embarrassing for the CIA to be attacked by a denial of service attack and be caught with its proverbial pants down", says Tom Smith of Charlotte, who said the attack bring to light just how vulnerable the CIA is to hackers. "In a way this is a good thing, because the CIA can use this to help close gaps in its systems and upgrade its security", he said.

"What else was compromised in the hack of CIA", says Erin Van Kamp of Charlotte, a computer security experts. Defending against Denial of Service attacks typically involves the use of a combination of attack detection, traffic classification and response tools, aiming to block traffic that they identify as illegitimate and allow traffic that they identify as legitimate.



CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.