Lulzsec claims responsibility for CIA website outage

Hacking group states it attacked CIA website for fun

Hacking group Lulzsec has claimed responsibility for a recent outage of the CIA website.

Late on Wednesday evening, at the time of the outage, the group wrote on its Twitter feed: "Tango down – cia.gov – for the lulz."

Last month the Pentagon announced that a cyber attack originating from another country could constitute an act of war and prompt a military response, according to a report in the Wall Street Journal.

This helps highlight the seriousness with which the US government now treats cyber crime.

Graham Cluley, senior technology consultant at security firm Sophos, stated that the attackers would be severely punished if caught.

"If the US manages to identify these hackers, they will be made an example of – the US wants to send out the message that these attacks will be taken very seriously indeed."

He added that the attack itself was relatively unsophisticated.

"This attack was a simple Distributed Denial of Service (DDOS) attack, which isn't terribly sophisticated. It's like a whole bunch of fat guys trying to get through the same revolving doors. They bombard the website with requests until it can't cope and goes offline.

"Hopefully the CIA will invest in infrastructure to minimise the problem in future."

Lulzsec, which last month stole the personal details of more than one million customers from one of Sony's servers, recently opened a phone line allowing the public to suggest online targets for their attacks.

"It's like ringing into Radio 2 and making a song request. People are calling in and saying have a go at this site," said Cluley.

He added that the majority of attacks from hacking collectives such as Lulzsec and hacktivist group Anonymous are fairly basic in nature, suggesting that many corporate and government websites are poorly defended.

Cluley stated that UK government sites were equally vulnerable. He recommended that organisations check the security of their online presence.

"The message for organisations is that they need to secure their websites. The attacks that Lulzsec is responsible for are fairly elementary.

"Websites can be up for years before they're given a refresh, and you may not have the team in house to check its security. You need to have someone who knows what they're doing to give your website the once-over," he concluded.