If you tried to visit the FTC's Web site Monday, you probably noticed that it was down. The FTC told The IDG News Service that it's looking into the cause of the outage, but as their tech staff is well aware, they've been under a DDoS attack since around July 4, and they're not the only ones.
According to my sources, who have been monitoring the attack that took down the FTC, the FAA, the Treasury Department, the Department of Transportation and even the Secret Service have all been hit as well. To date, FTC.gov seems to be the only site that has crashed.
My sources also tell me that it would be wrong to think of this as an attack on U.S. Government sites alone. Some other big sites have been hit, in what may be a test of the attack.
Politically motivated? Test of a new DDoS tool? Who knows?
I think we'll have more information on Tuesday, but if you're seeing any interesting DDoS activity out there, drop me a line. I think quite a few people are trying to figure this one out right now.






Fortunately, the USCIS.gov web site is immune to the effects of DDoS. It's impossible to detect when their site is offline because it continues to provide their standard level of service: NONE.
Those DDoS attacks on Federal web sites are challenging Einstein 3, which is the security program deployed according to the vision of Obama. In the latest review on cyberspace security, Obama only indirectly secured federal web sites as infrastructural. Einstein 3 is only focusing on cleaning malware attacks on web sites. In DDoS, hackers are playing kaleidoscope by compromising lots of machines and using those machines to send demands overloading the web sites under attack. Hence, Einstein 3 should be evolving to involve pattern recognition on DDoS and make the best effort to ignore the demands requested (or use DPI to shut down the machines being used in the attacks).
In recent days the FTC has come down hard on spammers, not only in the US but around the world. Most of those charged do in fact run botnets, as that is how their spam was delivered.
If I was still wearing my FBI hat, my first look would be at those connected with the recent charges and rulings.
As for why other government sites are being hit, it is possibly a ruse or the fact that oftentimes .gov accounts are spread across multiple systems and thus may reside side by side with other public and private sites.
In 2004 a DDoS attack was launched against a small firm that happened to reside in a datacenter next to the USSS and Amazon. All three sites were down for 45 minutes.
As for the FTC DDoS, check the logs. A DDoS does not all start at once; it builds in a short period of time, but those initial logs will likely show IPs that hit the site earlier and thus can be cross-referenced to possibly find the command and control IP.
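One way to run the log check suggested in the comment above, as an added example that is not the commenter's own code: it finds the minute where request volume ramps up and lists sources first seen shortly before that minute which also take part in the flood, as candidates for cross-referencing. Common Log Format input, the 5x-median threshold, the 3-minute lookback and the sample log (documentation-range IPs, constructed date) are all assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')  # client IP and timestamp

def parse(lines):
    """Return sorted (minute, ip) pairs from Common Log Format lines; skip bad lines."""
    events = []
    for line in lines:
        m = CLF.match(line)
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except (AttributeError, ValueError):  # no match, or unparsable timestamp
            continue
        events.append((ts.replace(second=0), m.group(1)))
    return sorted(events)

def find_onset(events, factor=5, min_baseline=3):
    """First minute whose request count exceeds factor x the median of earlier minutes."""
    per_min = Counter(minute for minute, _ in events)
    minutes = sorted(per_min)
    for i, minute in enumerate(minutes):
        prior = [per_min[m] for m in minutes[:i]]
        if len(prior) >= min_baseline and per_min[minute] > factor * median(prior):
            return minute
    return None

def early_sources(lines, lookback=timedelta(minutes=3)):
    """IPs first seen shortly before onset that also take part in the flood."""
    events = parse(lines)
    onset = find_onset(events)
    if onset is None:
        return None, []
    first_seen = {}
    for minute, ip in events:
        first_seen.setdefault(ip, minute)  # events are sorted, so this is first sight
    flood = {ip for minute, ip in events if minute >= onset}
    return onset, [ip for ip, t in first_seen.items()
                   if onset - lookback <= t < onset and ip in flood]

def sample_log():
    """Constructed log: six quiet minutes, two early visitors, then a flood at 12:06."""
    fmt = '{} - - [01/Jan/2024:12:{:02d}:{:02d} +0000] "GET / HTTP/1.1" 200 512'
    rows = [fmt.format(ip, mm, 5) for mm in range(6) for ip in ("192.0.2.10", "192.0.2.11")]
    rows += [fmt.format(ip, mm, 40) for ip, mm in (("203.0.113.7", 4), ("203.0.113.9", 5))]
    rows += [fmt.format(f"198.51.100.{n + 1}", 6, n) for n in range(42)]
    return rows + [fmt.format("203.0.113.7", 6, 50), fmt.format("203.0.113.9", 6, 51), "garbled"]
```

The returned addresses are leads for manual review against other logs, not proof of control traffic; long-standing visitors are excluded because they were first seen before the lookback window.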