Several websites owned and operated by the United States Congress are recovering from a three-day distributed denial-of-service (DDoS) attack.
The DDoS campaign began on July 17 when the websites for the Library of Congress (LoC) began experiencing technical difficulties. A day later, the websites went temporarily offline:
@megireid We've been the target of a denial-of-service attack & are working hard to restore full service. Sorry for the inconvenience!
— Library of Congress (@librarycongress) July 18, 2016
During the attack, Library of Congress employees were unable to access their work emails or visit any of the Library's websites.
Softpedia reports the attackers ultimately overcame initial defense measures to escalate their campaign. Specifically, they brought down two additional targets: congress.gov, the online portal for the United States Congress; and copyright.gov, the website for the United States Copyright Office.
@wdcscribe Our websites are experiencing technical difficulties & we're working to correct them. Sorry for the inconvenience.
— Congressdotgov (@congressdotgov) July 18, 2016
— US Copyright Office (@CopyrightOffice) July 19, 2016
On Tuesday morning, things started to get back to normal. Some email accounts were functioning, writes FedScoop, but other LoC online properties remained offline.
As of this writing, the three government portals affected by the attack are back online.
Tod Beardsley, a senior research manager for Boston-based cybersecurity firm Rapid7, feels that denial-of-service attacks remain popular because of how difficult it is for a target to mitigate a campaign while it is still in progress.
As he told FedScoop:
"DoS attacks that leverage DNS as a transport is a common mechanism for flooding target sites with unwanted traffic for two reasons. [First,] DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it's easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad."
Network filtering devices can help, but only if a company decides to buy one. Perhaps the Library of Congress didn't own such a device or lacked a service provider with expertise in mitigating DoS/DDoS attacks.
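As an added illustration (not code from the article, FedScoop or Rapid7) of the traffic inspection the quote refers to, the following Python example shows why a filter for connectionless DNS has to keep its own state: it records outbound queries and drops inbound responses that answer nothing the site asked. It assumes the unwanted traffic arrives as DNS responses on UDP port 53; the class and function names are hypothetical and the packets and addresses are constructed.

```python
import struct

class DnsResponseFilter:
    """Matches inbound UDP DNS responses to queries this site actually sent."""

    def __init__(self, ttl=5.0):
        self.ttl = ttl        # seconds an outbound query stays answerable
        self.pending = {}     # (resolver_ip, txid) -> expiry time

    @staticmethod
    def parse_header(payload):
        """Return (txid, is_response) from the 12-byte DNS header, or None if truncated."""
        if len(payload) < 12:
            return None
        txid, flags = struct.unpack("!HH", payload[:4])
        return txid, bool(flags & 0x8000)   # QR bit set means response

    def outbound(self, dst_ip, payload, now):
        """Remember a query sent to a resolver so its answer can be admitted."""
        hdr = self.parse_header(payload)
        if hdr and not hdr[1]:
            self.pending[(dst_ip, hdr[0])] = now + self.ttl

    def inbound(self, src_ip, payload, now):
        """Classify an inbound datagram as allow, query, drop-unsolicited or drop-malformed."""
        hdr = self.parse_header(payload)
        if hdr is None:
            return "drop-malformed"
        txid, is_response = hdr
        if not is_response:
            return "query"    # inbound queries need a separate control (rate limiting)
        expiry = self.pending.pop((src_ip, txid), None)
        if expiry is None or expiry < now:
            return "drop-unsolicited"   # answers nothing we asked, or arrived too late
        return "allow"

def header(txid, response):
    """Constructed 12-byte DNS header for the demo (no question section)."""
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)

def demo():
    """Run constructed traffic through the filter and return the verdicts."""
    f = DnsResponseFilter(ttl=5.0)
    f.outbound("192.0.2.53", header(0x1A2B, False), now=0.0)
    return [
        f.inbound("192.0.2.53", header(0x1A2B, True), now=0.1),    # answers our query
        f.inbound("192.0.2.53", header(0x1A2B, True), now=0.2),    # duplicate of that answer
        f.inbound("198.51.100.7", header(0x9999, True), now=0.3),  # resolver we never asked
        f.inbound("203.0.113.9", b"\x00\x01", now=0.4),            # truncated datagram
    ]
```

Because the source address of a UDP datagram can be forged, the verdict rests on the site's own record of what it asked, not on who the packet claims to be from.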
There's little companies can do to protect against DDoS attacks, as script kiddies with a few bucks can rent a botnet online to attack whichever target they choose. With that in mind, organizations should prepare for these attacks by investing in DDoS mitigation technologies that can help accommodate and filter attack traffic in the event of an attack.