Thread: Hackers hit CIA website

Jun 15, 2011

Hackers hit CIA site
By Michael Winter, USA TODAY
Updated 3m ago

Hackers appear to have taken down the CIA website, apparently by the group behind similar attacks on the Senate's site, according to various reports.

The group, LulzSec, tweeted this about 40 minutes ago: "Tango down - cia.gov - for the lulz."

On Deadline has not been able to access the site.

Here's what the Huffington Post has so far.

At the same time, Gawker reports LulzSec (Lulz Security) hackers have also gone "to war" with 4chan.

http://content.usatoday.com/communities ... cia-site/1

http://cia.gov

CIA Website Allegedly Attacked By Hackers

The Huffington Post Bianca Bosker
First Posted: 06/15/11 06:10 PM ET
Updated: 06/15/11 06:58 PM ET

The homepage of the Central Intelligence Agency, http://cia.gov/, appeared to have been suffered an attack from a hacker group on Wednesday evening.

The CIA site would not load properly and website DownForEveryoneOrJustMe.com confirmed that the site was down. However, ReadWriteWeb's Curt Hopkins, who notes that he lives across the country from CIA headquarters, said the website appeared "normal."

LulzSec, a hacker group that has attacked the Senate website twice in a week, claimed responsibility for the outage in a tweet.

"Tango down - cia.gov - for the lulz," @LulzSec tweeted around 5:48PM ET.

LulzSec recently announced that it had established a hotline at which it would be accepting requests for new sites and services to target. LulzSec has claimed responsibility for attacks on Sony, gaming company Bethesda, PBS.org, as well as gaming sites Minecraft and League of Legends. The group's motto reads, "Laughing at your security since 2011."

All Things D writes of the alleged denial of service attack, "The site is for all intents and purposes the public face of the agency, so it’s not likely that any classified information is being taken or any sensitive communications disrupted, but attacking government Web sites is a federal crime under the Computer Fraud and Abuse Act, and probably some other laws I’m not thinking of."

LulzSec has not added the CIA to its list of "releases"--documents containing information taken during its cyber attacks--on its website.

The group said of its previous attack on Senate computers, "We don't like the US government very much. Their boats are weak, their lulz are low, and their sites aren't very secure. In an attempt to help them fix their issues, we've decided to donate additional lulz in the form of owning them some more!"

The CIA was not immediately available for comment.

UPDATE: The CIA.gov website was sporadically accessible around 6PM ET.

http://www.huffingtonpost.com/2011/06/1 ... lp00000008

I guess it was not down for long. Very bad days when people are confident enough to hack our CIA and the American Pentagon on a regular basis without fear of justice or reprisals.


W

June 13, 2011 9:52 AM PDT

Turkey arrests 32 after Anonymous' Web attacks

by Stephen Shankland PrintE-mail.Share96 comments

After hacker group Anonymous' apparently successful Operation Turkey to protest Internet censorship, the country's authorities have detained 32 people in connection with the attack on Turkish government Web sites.

After Friday's attack, Turkey's telecommunications authorities investigated and took the people into custody, according to a report today by Turkey's state news agency. Eight of those detained were under 18 years old, the report said.

The arrests come just days after Spain said Friday it arrested three Anonymous hackers in connection with attacks on Sony's PlayStation Network, governments, banks, and others. Retribution followed quickly, with an Anonymous attack that reportedly took a Spanish police off the Net.

The attacks take the form of a distributed denial of service (DDoS), which involves a coordinated flooding of a Web site with traffic with specially crafted network tools.

Security firm Sophos, though, said the Turkish attackers apparently used an attack tool called LOIC (Low Orbit Ion Cannon) that isn't terribly anonymous.

"LOIC...doesn't do a very good job of covering your tracks--making it potentially easy for computer crime authorities to track those behind the attacks," said Sophos' Graham Cluley.

A loose group of angry hacktivists is only one force spotlighting the Net's vulnerabilities today. The International Monetary Fund suffered what was reported over the weekend to be a major network breach. Google said it disrupted a plan the company said originated from China to break into Gmail accounts. It's open season for hackers.

One person's illicit hacker might be another person's sanctioned military authority, though. The United States and United Kingdom increasingly talk of cyberwar as just a facet of ordinary

http://news.cnet.com/8301-30685_3-20070 ... b-attacks/

CIA Hackers Just 'Schoolboys,' Security Expert Says

Published June 16, 2011
News Corp Australian Papers

They might have just brought down the CIA's website, but the latest group of hackers on the scene are nothing more than "schoolboys."

That's the challenge thrown down by the head of technology at Sophos, Paul Ducklin, who claims the anonymous collective Lulz Security have to "grow some moral spine" if they want to be taken seriously.

In the past two weeks, Lulz have launched cyber attacks on Sony, Nintendo, gamers at Eve Online, a company that works for the FBI and the U.S. Senate. They claim their motive to be nothing other than showcasing companies' online weaknesses "for the Lulz."

Related Video

Cybersecurity and protection
Related Links Hacker Group Attacks Senate Website Again, Claims It Gained Access to CIA Site Hackers Break Into US Senate Computers Hackers Claim to Have Hit Sony Again Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs

Yesterday, they opened up a hotline and called on the public to suggest their next target.

"Our number literally has anywhere between five and 20 people ringing it every single second," members of the group said in a Twitter message posted online at @LulzSec.

The hotline number spelled out "LULZSEC" and had an area code in Ohio.

A recorded greeting featured a man speaking with an exaggerated French accent explaining that "Pierre Dubois and Francois Deluxe" were unavailable because they were up to mischief on the Internet.

Panda computer security firm labs technical director Luis Corrons said setting up a telephone hotline was "kind of eccentric" given that the hackers could have easily set up an online forum asking for targets.

"These guys are upsetting a lot of people," Corrons said. "They think they will never be caught, and that could be their biggest mistake."

Lulz certainly pushed their luck Wednesday, when they claimed credit for the shutdown of cia.gov.

"Tango down - cia.gov," they tweeted at @LulzSec.

"For the lulz."

Which sounds impressive, but over at Sophos, Ducklin said what Lulz was doing was "about as intellectually interesting and important as a bunch of schoolboys boasting in the playground about who's got the hottest imaginary girlfriend."

He said most of the break-ins had been "languorously orchestrated, using nothing more sophisticated than entry-level automatic web database bug-finding tools, available for free online."

He admitted Lulz's behavior was a "timely wake-up call," but insisted that didn't justify LulzSec's behavior.

"Time spent throwing bricks through other people's digital windows doesn't actually teach anyone anything about glassmaking, glazing or civil engineering," Ducklin said. "If you consider yourself a hacker and you have time to spare, grow some moral spine and use your skills for active benefit."

"Follow the lead of a guy like Johnny Long and www.hackersforcharity.org ," he added. "I dare you to look at his site and decide that LulzSec is a more worthwhile cause."

http://www.foxnews.com/scitech/2011/06/ ... z1PSOQtAoC

The only thing they got into was the public website that anyone can visit, not the secret stuff.

"The site is for all intents and purposes the public face of the agency, so it’s not likely that any classified information is being taken or any sensitive communications disrupted, but attacking government Web sites is a federal crime under the Computer Fraud and Abuse Act, and probably some other laws I’m not thinking of."

UK Police Arrest Suspected Lulz Security Hacker

Updated: Tuesday, 21 Jun 2011, 8:30 AM MST
Published : Tuesday, 21 Jun 2011, 8:30 AM MST

(NewsCore) - The 19-year-old man arrested by UK police as part of an investigation into hacking attacks by the group Lulz Security was named locally as Ryan Cleary, Sky News reported Tuesday.

Scotland Yard said the arrest followed a joint investigation by a special unit of the Metropolitan Police and the FBI "into network intrusions and Distributed Denial of Service (DDoS) attacks against a number of international business and intelligence agencies by what is believed to be the same hacking group."

The hacking group claims to have hit the websites of numerous high-profile organizations, including the CIA, US Senate, an affiliate of the FBI and Sony's PlayStation Network.

The man, who has not been named by police, was arrested late Monday and remained in custody Tuesday.

Forensic examinations were ongoing after a search at a residential address in Wickford, about 36 miles (58 kilometers) northeast of London, led to "a significant amount of material" being found.

Police had yet to officially confirm whether he was directly involved in the activities of Lulz Security.

In May, British newspaper the Metro reported that Cleary was named by the "Anonymous" collective of hackers as the person responsible for breaching two of its websites.

The hacker involved in those attacks, named only as "Ryan" on the AnonOps website, was said to be staging a coup d'etat and setting up a splinter group "as he didn't like the leaderless command structure."

Ryan told tech news website thinq_ at the time that the hack was "regrettable but necessary" as Anonymous' "power was wasted on stupid operations."

However, Lulz Security, which regularly comments on its exploits via its LulzSec Twitter account, wrote Tuesday, "Seems the glorious leader of LulzSec got arrested, it's all over now... wait... we're all still here! Which poor b*st*rd did they take down?"

Lulz Security claimed Monday that it had knocked offline the site of Britain's Serious Organised Crime Agency (SOCA). Computer security firm Sophos said the SOCA website was sporadically inaccessible following the attack.

The group also denied Tuesday that it was set to release confidential data from the 2011 UK Census, saying that the information released earlier was faked. However, it added, "If someone out there hacked the UK government in the name of #AntiSec, well done sirs!"

A person calling themselves "Cap'n Pierre 'Lulz' Dubois" had written online, "We have blissfully obtained records of every single citizen who gave their records to the security-illiterate UK government for the 2011 census ... Myself and the rest of my Lulz shipmates will then embark upon a trip to ThePirateBay with our beautiful records for your viewing pleasure!"

The UK's Office for National Statistics (ONS), which runs the census, said it was aware of the alleged data breach.

"We are working with our security advisers and contractors to establish whether there is any substance to this ... At this stage, we have no evidence to suggest that any such compromise has occurred," the ONS said.

http://www.myfoxphoenix.com/dpps/news/u ... c_13783287

Computer hackers target Arizona Border Patrol

Hackers claim release of classified AZ. DPS docs

http://www.alipac.us/ftopict-241589.html

RELATED

LulzSec Members Apparently Outed

An anonymous post claims to put names to four of the group's six members, leading security experts to predict imminent arrests.

http://www.alipac.us/ftopict-241939.html