The Web site for the U.S. government's cyberattack warning center is back up – a day after getting hit by the kind of attack to which it often alerts others.
The Computer Emergency Response Team's Coordination Center Web site was hit by a distributed denial of service (DDOS) attack beginning Tuesday, making it difficult, if not impossible, for people to get to its Web pages.
Beginning at 11:30 a.m. EDT on Tuesday, the Web site was bombarded with so many requests for access that the Web server hosting the data was overloaded and unable to display data for legitimate requests. The site was back up Wednesday morning. A CERT statement said the Web site was not the only means the organization had to distribute advisories.
"We get attacked every day," Richard Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute – which includes CERT – said in a statement. "This is just another attack. The lesson to be learned here is that no one is immune to these kinds of attacks."
The federally funded nonprofit CERT offers early warnings and alerts on security vulnerabilities and cyber attacks to the government and to private corporations for a fee. The irony of the government's cybersecurity alarm entity getting hit by hackers was not lost on people in the security community.
"I think it's a wake-up call," said Ted Julian, chief strategist at security software maker Arbor Networks. "These guys have no lack of security infrastructure, you would assume, and certainly no lack of security expertise."
Julian said his company might have CERT's answer. Arbor Networks sells software that enables Internet service providers, Web hosts and other peering points, at which individual users connect with the Internet, to detect DDOS attacks and filter them out of the systems.
"Because the process of dealing with these things is so totally manual, it takes [a target site] a day" to solve the problem, Julian said. "At first you don't even know what the problem is; it could be equipment failure or misconfigured software."
DDOS attacks entered the mainstream vernacular after Yahoo, eBay, CNN and a few other Web sites were hobbled by attacks in February 2000. In January, Microsoft's network of sites was hit by such an attack for a few days, and this month, the Whitehouse.gov site was attacked.
A study released Tuesday by the University of California at San Diego's Supercomputer Center estimates that there are at least 4,000 DDOS attacks per week. Popular sites such as Amazon.com, America Online and Microsoft's free Hotmail e-mail site are among the more common targets.
