SophosLabs: The CIA’s website was brought down for some hours last night by what appears to have been an internet distributed denial-of-service (DDoS) attack.

A post made from an Anonymous-affiliated Twitter account announced that the site was down, using the phrase “CIA Tango Down”, although a later tweet left ambiguity as to whether the hacktivists were claiming responsibility for the attack.

Of course, this is one of the challenges when trying to get a sense of what actions can be attributed to Anonymous or not.

Anonymous doesn’t have members, isn’t a group in a conventional sense, and has arguably no official channels of communication. Without a defined hierarchy, anyone can claim to represent Anonymous if they wish, which means that even Anonymous itself can’t actually claim that they did or did not launch an attack.

It’s more a case of individuals banding together to launch attacks, some of which they may choose to launch under the Anonymous banner even if it isn’t an attack supported by others who would affiliate themselves with the movement.

So, it only actually needs one person to claim that the CIA attack was done by Anonymous and, well... it’s hard to prove that it wasn’t. I often think that this must be frustrating for those who would closely associate themselves with Anonymous, and man their more popularly followed website outlets and Twitter accounts.

At the end of the day, it probably matters less whether the attack was by Anonymous or not – but rather, that the CIA’s website was brought down and whether the authorities are able to identify those responsible.

In the past, law enforcement agencies have arrested individuals who they believe have been responsible for similar DDoS attacks against the likes of Britain’s Serious Organized Crime Agency and the CIA.

If innocent users want to avoid being associated with a criminal DDoS attack, they should take care over what links they click on, and what software they install.

At the time of writing, the CIA’s website still appears to be receiving a large amount of traffic – making it impossible for some internet users to reach the site.

Of course, a denial-of-service attack is very different from an actual hack of the CIA’s computer servers. There is no suggestion at the moment that the CIA’s own systems have been compromised – rather their webservers have been so bombarded with traffic that their site is no longer accessible from the outside world.

It’s rather like when a luxury department store sells products at ridiculously reduced sale prices – so many people try to get in at the same time, that nothing moves and a complete logjam is created.