The July 4th holiday brought more than fireworks. Over the weekend, a botnet began a large scale DDoS attack against U.S. government websites. It knocked the FTC’s site offline and has hit several other government sites including the Department of Transportation and the U.S. Treasury.
“The DOT has been experiencing network incidents since this past weekend. We are working with the U.S. Computer Emergency Readiness Team [US-CERT] at this time,” a DOT spokeswoman said Tuesday.
The botnet, which has at least 50,000 computers under its control, is also credited with attacks on the U.S. Secret Service, the Department of Homeland Security, the White House, the New York Stock Exchange, the Department of Defense, the State Department, the Washington Post, and several businesses in the US and in Korea.
While DDoS attacks are relatively common, this was particularly severe. This DDoS attack took up to 40GB of data per second which is ten times higher than a typical attack. No one knows who is behind this attack but most of the infected machines making up the botnet are located in South Korea. While bandwidth levels have dropped since the weekend the attack is still ongoing.
“These are very basic attacks and stuff we’ve seen for a very long time. The scale of these isn’t very huge either,” said one security expert, who spoke on condition of anonymity because he wasn’t authorized to discuss the matter publicly. “It’s embarrassing that these sites have been hit for four or five days and they’re still being affected. Think of the money that eBay and Amazon would lose in four to five days of this.”
The White House should be very concerned that government site were hit. As the country’s first cyber savvy president, Obama needs to get on the ball and get U.S. cybersecurity made a top priority.