
CIA.gov Possibly Down, LulzSec Claims Responsibility - curthopkins
http://www.readwriteweb.com/archives/ciagov_possibly_down_lulzsec_claims_responsibility.php#.TfkygTjrh9Q;hackernews
======
forgotusername
Works for me.

It puts me on edge that these idiots would pick such media-friendly targets to
strafe with their clueless bandwidth wastage; not looking forward to the next
round of "cyber security" laws one bit.

"Hey dad, tell me just one more time about how when you were a kid you used to
be able to make TCP connections freely and without the connection first being
authorized by the NSA." "Go to sleep, son."

~~~
gasull
I'm wondering if LulzSec is a false flag operation very well engineered.

~~~
omouse
It isn't, there's no point in doing that, not to mention how illegal that
would be. The US govt doesn't need any _more_ scandals of this nature
(wiretapping is enough I think).

Also, whenever a government really wants to do something, they'll use any
excuse that's available. For example; PATRIOT ACT, DMCA, Iraq Wars, etc. etc.
For cyber-security, if none of this Anon or LulzSec stuff happened, it would
be Russian or Chinese hackers that are infiltrating and by god we must protect
Americans from those evil foreign hackers. Or they would rely on the terrorist
excuse: the terrorists are losing in real life so they need to re-build
support and attract younger people so why not hack some sites and gain new
supporters that way? Beheadings and suicide bombings really fuck up the
recruitment rate for terrorist organizations.

See how easy it is to come up with an excuse that the internet needs to be
locked down?

~~~
d0ne
"It isn't, there's no point in doing that, not to mention how illegal that
would be. The US govt doesn't need any more scandals of this nature
(wiretapping is enough I think)."

Wiretapping scandal became public circa late 2005 -
[http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_co...](http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy)

Random collection of additional federal political 'scandals' since 2005:

1) This goes from 2001 - 2008 so skip to 2006 -
[http://en.wikipedia.org/wiki/List_of_federal_political_scand...](http://en.wikipedia.org/wiki/List_of_federal_political_scandals_in_the_United_States#2001.E2.80.932008_George_W._Bush_Administration)

2)
[http://en.wikipedia.org/wiki/List_of_federal_political_scand...](http://en.wikipedia.org/wiki/List_of_federal_political_scandals_in_the_United_States#2009.E2.80.93_Obama_Administration)

Additional 'scandals' with solid link to US Government:

1) <http://www.wired.com/threatlevel/2011/05/gps/>

2)
[http://www.techdirt.com/articles/20110218/02143213163/more-h...](http://www.techdirt.com/articles/20110218/02143213163/more-hbgary-federal-fallout-government-wants-to-buy-software-to-fake-online-grassroots-social-media-campaigns.shtml)

3) [http://www.thenation.com/article/161057/wikileaks-haiti-let-...](http://www.thenation.com/article/161057/wikileaks-haiti-let-them-live-3-day)

4)
[http://www.ban.org/ban_news/2010/101022_caught_exporting.htm...](http://www.ban.org/ban_news/2010/101022_caught_exporting.html)

5) [http://www.theinquirer.net/inquirer/news/1026810/us-governme...](http://www.theinquirer.net/inquirer/news/1026810/us-government-censors-wikipedia)

6) [http://www.elizabethwatson.org/featured/wikileaks-reveals-a-...](http://www.elizabethwatson.org/featured/wikileaks-reveals-a-government-caught-up-in-the-mendacity-of-lies/)

Just some random examples I pulled in 5 minutes. I don't believe the argument
"...not to mention illegal that would be." or "The US govt doesn't need any
more scandals..." has any bearing whatsoever on their decision making process
at the level of authority needed to authorize something as a false flag
operation for various reasons.

~~~
omouse
You're right of course, but my main point is they don't _need_ to do much in
order to come up with an excuse to do something. I'm sure there are easier
ways to get consent for locking down the internet than to create a false flag
operation; just use something that already exists (copyright infringement,
terrorism, porn, war on drugs, etc.)

~~~
pavel_lishin
They've tried all those things, and it's not moving along as fast as they'd
like.

Since when has the government decided what to do based on _need_?

------
nextparadigms
Could LulzSec actually be working for the Government to help create that
"civilized" Internet Sarkozy was talking about. They've certainly created the
"worst case scenarios" that politicians can point to now.

But the most surprising thing about them is how confident they are they won't
be caught. Can they really be that sure that they will never be caught doing
these attacks? Or are they just reckless?

But if they are for real, it might be understandable if they actually had a
cause, and a good one. Doing it for the lulz, doesn't seem like a very good
cause, and it's only going to give politicians more ammo to restrict the
Internet because of "these crazy hackers" that prove the Internet is very
"chaotic".

At least when Anonymous attacks they have a pretty good cause, that could
actually be supported by most of the public. LulzSec attacks are getting less
and less defensible, and maybe even suspicious.

~~~
fragsworth
The crazy thing is (I believe) large botnets are worth a lot of money on the
black market. It makes no sense that they would waste their network to take
down government websites "for the lulz". Something is missing about the
situation.

~~~
EricR23
I don't think something has to be missing here. My experience tells me
otherwise, that many botnet ops go for fun _and_ profit and it's not so
strictly "just business".

------
dexen
I just wonder... would merely announcing the CIA.gov is hacked on LuLzSec's
highly-popular website be enough to cause such spike of curious visitors that
the servers collapse?

Kind of self-fulfilling prophecy, it'd be; also a neat hack. Truly anonymous
DDoS, too ;-)

~~~
suking
Probably not even close to enough...

------
dendory
All these hacks are nothing but the modern version of kids going out at night
and spraying graffiti on public buildings, or going in them to vandalize the
hallways, then bragging to their friends at school, and then one day they
attack a bigger target and get caught. Only this time they can do all this
stuff from their own home so they feel invincible until they get a knock at
their doors.

------
goo
Hilariously, the massive media frenzy surrounding the site outage will send
the site enough traffic to DDOS it, even if LulzSec never meaningfully
impacted it in the first place.

~~~
27182818284
My first thought too. I immediately tried to load CIA and then thought, "Maybe
they didn't hack it at all but just put out their Twitter message to drive
traffic at it?"

Or more interestingly, if they were in the process of hacking or something and
wanted the cover of a torrent of strangers trying to reach their site.

~~~
AndyJPartridge
I just happened to be looking at my Twitter feed the very moment they posted,
and clicked the link immediately. No go.

Would this effect happen so quick? I guess they do have a lot of followers,
but I'd hope that even if all of them did what I did they could survive that
amount of hits?

~~~
madmaze
The other thing to keep in mind is that cia.gov is probably not made to handle
lots of traffic, since I can't imagine them having a massive day-to-day
userbase.. hence I assume it would be rather easy to get them choked up with
traffic

------
Aloisius
_scratches head_

I can load cia.gov just fine. It doesn't even appear to be slow. I opened up
the CIA World Factbook then checked their press section & what's new on
cia.gov and there was nothing about it going down.

Also, kudos to the CIA for flipping to HTTPS by default.

~~~
docgnome
Interesting to me that they don't use a wildcard cert though.

~~~
Aloisius
Well they have the EV cert and as far as I know, you can't get one for
wildcard domains.

------
abofh
Hacking CIA.gov, if they're half as good as one would expect, should yield no
more than the static web content hosted. If they're half as good as government
contractors tend to be, I expect my tax return to be posted shortly.

~~~
tdfx
They didn't "hack into" the CIA.gov site as far as any of the reports I've
read have indicated. They just launched a denial of service attack.

------
dvdhsu
Confirming that it is indeed down for me.

I wonder what the CIA are going to do, especially because LulzSec is directly
targeting them now.

~~~
brown9-2
I doubt that the core of the CIA cares too much about its public-facing
website.

~~~
lallysingh
It's got a few important uses. Recruiting, public relations, etc. And then,
there's the loss of face in having it down.

~~~
blhack
CIA also runs the CIA world factbook, which is an incredibly useful resource.

Mostly, though, I'd say this is just egg on their face.

------
ChuckMcM
Well this will be interesting.

Great article btw in the current Popular Mechanics [1] about the new
militarized CIA and whether or not that's a Good Thing.

[1]
[http://www.popularmechanics.com/technology/military/news/spi...](http://www.popularmechanics.com/technology/military/news/spies-at-war-the-new-era-of-the-cia-5767465)

------
AndyJPartridge
Off topic, sorry, but not sure where I'd ask this.

I posted this news 15 minutes before this submission.
<http://news.ycombinator.com/item?id=2659263>

Can someone explain to this newbie why mine disappeared so quickly, but this
stayed? I don't have a problem at all, I just wish to understand the system
thanks.

~~~
kooshball
well one reason would be OP linked to an article, you linked to a site that
doesn't load...

~~~
AndyJPartridge
Ah :-) So I should have used the text option then?

A broken link gets it immediately marked down? Makes sense.

~~~
dvdhsu
> A broken link gets it immediately marked down? Makes sense.

If we can't open the site, we scratch our heads and move on. On the other
hand, if we can open the site, we scratch our heads and say: "Yeah right! The
site isn't down! No upvote for you!"

------
woodall
I've seen a lot of the sites they have compromised before; can't disclose
where. I wrote f-secure back in 2007 about it. Never a response. A few to
watch for in the future: North Korea's main site; Adam Sandler's home page. I'll
have to dig through my logs to find more. Again, nobody's listening,
<http://news.ycombinator.com/item?id=2651275>.

Maybe a good start-up idea, Internet 911. Grey/White hats find vulns => report
=> issue gets the attention it deserves. Made me laugh, but something like
cyber-police :D

From - Sat Aug 07 23:58:30

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00800000

X-Mozilla-Keys: Message-ID: <[re-dictated]@gmail.com>

Date: Sat, 07 Aug 2010 23:58:24 -0500

From: Chris <[my email]@gmail.com>

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.11)
Gecko/20100713 Thunderbird/3.0.6 MIME-Version: 1.0

To: sanjose@f-secure.com

Subject: fox news

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

Dear F-Secure:

Many Fox news opinion sites (Glenn Beck, Hannity, etc.) are vulnerable to
multiple attacks: read LFI (getfile.php), XSS (search), etc. I would try to
contact them, however, the LFI leaves their mail servers vulnerable to
eavesdropping. As a well established security research company I feel disclosure of
this should be left to you (the pros); plus it would make a good blog post.

------
srl
Down here too (east coast).

LulzSec feels (to me) like just a group of bored teenagers messing around,
randomly attacking whatever websites they can. I suspect if the gov't wanted
to scare people, they wouldn't just sponsor/create a group doing things "for
the lulz" - they'd make it out to be something larger and scarier.

------
lupatus
One of my favorite sites, the CIA World Fact Book[1], is also down.

[1]<https://www.cia.gov/library/publications/the-world-factbook/>

~~~
mkr-hn
Most of the CIA Factbook is duplicated on country wikis.

------
blantonl
What are the chances that LulzSec is a single individual with exceptional
abilities that is working his tail off to make all this happen?

------
trotsky
Wow, without civilians being able to access www.cia.gov for a short period of
time due to a ddos I'm sure the military industrial complex will crumble.

Why bother running stories about random DDOS's and defacings? It's even less
interesting or important news than mainstream media's celebrity gossip.

~~~
hugh3
This is actually a damn good point. The best way to fight DDOSes is to stop
making a big deal out of them. We need to show some restraint, and also to
educate the media -- folks being unable to access cia.gov has (to a reasonable
approximation) zero effect on the CIA.

------
Tichy
What on earth is their plan?

~~~
smogzer
False flag to justify tighter Internet regulation ?

~~~
sigzero
If it keeps going. It will probably work false flag or not.

------
TheIronYuppie
yes, i can see no downside to this. i would never expect that there would be
an irrational, overblown response that causes lots of people to be arrested
and made examples of.

------
phektus
terrorists -> hackers

al qaeda -> lulzsec

patriot act -> ???

tsa -> ???

wtc bombing -> yet to come or spread out into many hacking instances?

lol parallels

------
zyfo
The Jester, greyhat patriot who hacked Talibans' websites and forced Wikileaks
to change their hosting, is now going after LulzSec. This is a lot more
entertaining than TV: <https://twitter.com/#!/th3j35t3r>

~~~
kabushikigaisha
He's just a troll/internet tough guy having verbal warfare via Twitter and
IRC.

~~~
getsat
I love the fact that LulzSec actually calls him out constantly, calling him a
"schizo retard" and threatening to reveal the exploit he's using to take down
sites. It's immature, of course, but entertaining as an observer.

~~~
cantbecool
No, LulzSec said that he is part of the illuminati. I'm not even sure they were
even serious, but funny regardless.

------
shareme
You will see the EU anti-DDOS tools law modified and possibly one for USA as
well..

Seems like a false flag to get DDOS tool anti-laws passed

------
drivebyacct2
Is it a (d)dos or an actual hack?

~~~
9999
Feels like the former. Were it the latter, they would have probably defaced
the page or announced that they'd stolen some data, etc.

------
HRoark
I read for most of their hacks they used SQL injection. Anyone know how that
works exactly?

~~~
woodall
Input isn't properly sanitized by the server thus allowing an attacker to run
code through the database. Fairly easy to test for.
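
Added example, not part of the comment above or of the original thread: a lookup that builds its SQL by string concatenation next to a parameterized one, plus the kind of quick check a defender can run against their own code. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db

def lookup_unsafe(db, name):
    # Vulnerable: the input becomes part of the SQL text itself,
    # so a quote in `name` changes the structure of the query.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Parameterized: the driver passes `name` as a value, never as SQL.
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

def injection_findings(lookup, db):
    """Run two standard probes against a lookup function you own."""
    findings = []
    try:
        lookup(db, "'")  # a lone quote should be treated as plain data
    except sqlite3.OperationalError:
        findings.append("quote breaks query syntax")
    try:
        # An unknown user must never match, whatever follows the name.
        if lookup(db, "nobody' OR '1'='1"):
            findings.append("tautology returns rows for unknown user")
    except sqlite3.Error:
        pass
    return findings

if __name__ == "__main__":
    print("unsafe:", injection_findings(lookup_unsafe, make_db()))
    print("safe:  ", injection_findings(lookup_safe, make_db()))
```
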

~~~
HRoark
It's pretty embarrassing that none of these big corporations (PBS, Sony) can't
even take some time to test for security flaws considering that SQL injection
like you mentioned is easy to test for.

------
mahmud
Maybe the CIA lost its raison d'etre with Bin Laden's demise, and decided to
Cuil things off.

------
sdoowpilihp
Are there truly this many servers out there that are so horrendously behind on
updates that they can be picked off like this?

~~~
gst
This doesn't have to do with security updates. This is most likely a simple
ddos/flooding attack and there are not many things you can do against them.

------
dreamdu5t
Enough with the "cyber security" law conspiracy.

Do I need to remind people that these laws are _voted_ on by your _elected_
representatives?

The patriot act is a result of democracy. Don't want cyber security laws?
Start by educating people and voting for people who don't want cyber security
laws.

~~~
dmix
While I agree with some of your sentiments, this is a very strawman/ranty type
of comment.

~~~
dreamdu5t
Strawman? My points are completely factual.

Where is the evidence of this false-flag operation? There is none. Why would
congress need to conduct such a false-flag operation when they wouldn't have
much trouble passing such a law regardless?

