An apparent denial of service attack, which overloads a site’s servers with requests for access, crippled portions of www.Justice.gov Thursday afternoon. Despite the hours-long outage, Justice and White House officials initially said they unaware of the attack.
By late Thursday, DOJ admitted its site was experiencing “a significant increase in activity, resulting in a degradation in service,” and officials said they would treat the situation “as a malicious act until we can fully identify the root cause of the disruption.”
A loosely affiliated group of hackers known as Anonymous said the attack was in response to DOJ’s decision to shut down Megaupload.com on charges that the popular Web site illegally shared movies, television shows and e-books. Several of the site’s executives were indicted and arrested Thursday by the FBI.
In July, another hacker group, LulzSec, claimed responsibility for taking down the CIA’s Web site for about two hours. Days later, Anonymous celebrated a successful denial of service attack on MasterCard’s site.
Hackers also used about 60,000 compromised computers around the world with varying success in 2009 to target sites for the White House, the Department of Homeland Security, the Defense Department and the Federal Aviation Administration.
The U.S. Computer Emergency Readiness Team, a component of DHS, is responsible for monitoring major cybersecurity threats for the federal government and the private sector, but each federal agency is responsible for its own information technology security — leading to a disparate, unorganized system of protocols and protections that costs taxpayers billions of dollars annually.
A December government report found that 56 federal agencies own at least 1,489 .gov domains and operate thousands of individual sites. Agencies reported using at least 150 different systems to create and publish Web sites and 250 different Web hosting providers. Most decisions on how to publish sites are made by mid-level agency officials, the report said. The report, requested by the White House, was meant to provide the first government-wide inventory of federal Web holdings.
Though the federal government has systems in place to protect against significant, widespread cybersecurity attacks, every agency must fend for itself against the kind of attack that occurred Thursday. Is that a good thing? Or a recipe for disaster? The comments section awaits your thoughts.
Follow Ed O’Keefe on Twitter: @edatpost