Written byChris Bing
Update, 7/20/16 4:10PM: a blog post written by Library of Congress Chief Information Officer Bernard Barton reads: “Our team of Library IT professionals and contract partners have returned our networked services to normal functionality … This was a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly. We’ve turned over key evidence to the appropriate authorities who will investigate.”
Some of the U.S. Library of Congress’s websites are currently inaccessible as the result of a denial-of-service attack, the Library of Congress announced Monday.
The cyberattack was originally detected on July 17, a spokesperson told FedScoop. The attack has also caused other websites hosted by the LOC, including the U.S. Copyright Office, to go down. Library of Congress employees were reportedly unable to access their work email accounts or visit internal websites.
“The Library is working to maintain access to its online services while ensuring security,” the spokesperson said.
As of mid-morning Tuesday, outages continued to affect some online properties managed by the Library. Another Library of Congress spokesperson told FedScoop that some email accounts are now functioning.
In June 2015, the Government Accountability Office published a limited-distribution report — undisclosed publicly though it was sourced in a 2015 GAO testimony to the Committee on House Administration — highlighting digital security deficiencies apparent at the Library of Congress, including poor software patch management and firewall protections.
A DoS-style attack typically interrupts or temporarily suspends the services of a host who is connected to the internet by flooding their online address with fake internet traffic. Cybersecurity experts tell FedScoop that DoS — also known as a domain name system-based attack — are commonly employed by hackers to disrupt online assets. These cyberattacks, however, remain difficult to guard against.
“DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons,” Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, wrote to FedScoop in an email.
Beardsley explained, “DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.”
LookingGlass Chief Scientist Jason Lewis said that DoS attacks are popular because they are “easy to perform.”
“Filtering DNS requests to ensure they meet DNS protocol standards are a good way to move the attack load onto a network filtering device … there is hardware that can filter requests and reduce the attack impact, [but maybe] the Library of Congress isn’t using a service provider that specializes in the DoS and DDoS,” Lewis said.
The attack was first reported by FCW.
Want more stories like this? Sign up for the CyberScoop newsletter and allow us to make sense of it all. To contact the reporter on this story: send an email via firstname.lastname@example.org or follow him on Twitter at @Bing_Chris.