WASHINGTON (Reuters) - A breed of cyber pranksters known as “hacktivists” appears to be on a campaign to embarrass the U.S. government, but such types of attack are unlikely to breach the computer firewalls that protect important official secrets, independent analysts say.
A loosely organized group of hackers called Lulz Security, little known outside of cybersecurity circles, has claimed attacks against the public websites of the CIA and U.S. Senate over the past week. Hackers mounted a second, similar assault against the Senate website on Wednesday, possibly the work of copycats.
U.S. officials say government computer systems and websites, including those operated by the Pentagon, are subjected to thousands of attempted hackings each month but that safeguards usually keep would-be intruders away from sensitive data.
The Lulz style of attack, known as a denial of service meant to disable the target’s website, is often undertaken by activists as young as teenagers and pose little danger aside from embarrassment and website clean-up costs that can run into the hundreds of thousands of dollars.
“It’s hacktivism — activism through hacking. Campaigns of this kind have been done in the past for two reasons: outrage and self-promotion. This one is some combination of those,” said Alan Paller, director of research at the SANS Institute, a think tank devoted to cyber issues.
“There’s a lot of noise but no real downside, except that if people don’t think the CIA can protect its own website, it colors their thinking about what it can do in other arenas — maybe unfairly, but it doesn’t really matter.”
Denial of service attacks are the most basic form of cyber intervention, in which hackers jam a website by flooding it with traffic. The attacks often involve software that can be downloaded for free from the Internet.
A CIA spokeswoman said: “The CIA’s public website experienced technical issues that caused it to respond slowly for a short time yesterday evening. Those issues are now resolved. These technical issues affected only the CIA’s unclassified public website. Our classified systems were not affected.”
But federal authorities take hacktivism seriously, as a kind of vandalism that represents the less dangerous edge of a cyber security spectrum that includes hacking by foreign military operatives, economic spies, organized criminals and terrorists.
“It effects everything from national security to commerce, all the way down to individuals. You’ve got a lot of identity theft. So we’re not saying that’s no big deal. We’re looking at it across the board,” said a U.S. official who spoke on condition of anonymity.
Far more serious are recent hackings at Google, Lockheed Martin Corp and the International Monetary Fund, in which analysts say professional hackers may have tried to steal secrets on behalf of powerful interests, including national governments.
Google raised the alarm about cyber attacks in Washington earlier this month when it disclosed that hackers, perhaps from China, had sought access to the Gmail accounts of senior U.S. officials.
U.S. Secretary of State Hillary Clinton weighed into the controversy by calling the allegations serious and under investigation by federal authorities.
Defense contractor Lockheed Martin also reported thwarting an attack on its information systems network that cyber security experts believe may have originated in China.
“The real burglars are stealthy, and often in those cases, you don’t know what they took,” said James Lewis of the Center for Strategic and International Studies.
“Nobody who is serious would do a denial of service attack. It would be like burglars hiring a marching band,” he said.
Additional reporting by Jeremy Pelofsky; Editing by Peter Cooney