Library of Congress and Copyright Office also affected

Jul 20, 2016 00:15 GMT

The US Congress has just recovered from a three-day DDoS attack that crippled its online portal congress.gov, along with adjacent sites such as the US Library of Congress (loc.gov) and the US Copyright Office (copyright.gov).

The attack started on Sunday evening, July 17, and initially targeted the Library of Congress website, affecting the same server infrastructure on which the other two websites were also hosted.

Despite initial defensive measures, the attack slowly escalated in the following days and continued to cause trouble for government officials and site visitors until five hours before this article's publishing date.

At the time of writing, all three websites are up and running. A quick inspection suggests that no other government portals were affected.

DDoS DNS reflection attack seems to be the cause

A US Library of Congress spokesperson said the DDoS flood involved some kind of "DNS attack."

Although this has not been officially confirmed, we presume this was a DNS reflection DDoS attack, one of the most prevalent types of DDoS attacks seen today.

In this type of attack, the attacker crafts malformed UDP packets and sends them to a DNS server. Weaknesses in that server's setup cause it to multiply the packets and reflect them to the target, which in this case seems to have been the Web servers that hosted the three websites.
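On the receiving end, reflected DNS traffic shows up as UDP responses from source port 53 that answer no query the target ever sent. The sketch below is an added example, not taken from the article or from the affected agencies: it flags hosts receiving such unsolicited responses from several reflectors at once. The flow-record layout, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records using documentation address ranges (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, proto, bytes)
FLOWS = [
    (0.0, "192.0.2.10", 40001, "198.51.100.53", 53, "udp", 72),    # query we sent
    (0.1, "198.51.100.53", 53, "192.0.2.10", 40001, "udp", 180),   # its answer
    (1.0, "203.0.113.5", 53, "192.0.2.10", 31337, "udp", 3100),    # never asked for
    (1.0, "203.0.113.6", 53, "192.0.2.10", 31337, "udp", 3100),
    (1.1, "203.0.113.7", 53, "192.0.2.10", 31337, "udp", 3100),
    (1.1, "203.0.113.8", 53, "192.0.2.10", 31337, "udp", 3100),
    (2.0, "203.0.113.5", 53, "192.0.2.20", 50000, "udp", 90),      # single stray reply
]


def unsolicited_dns_responses(flows, window=5.0):
    """Yield (time, reflector, target, bytes) for UDP source-port-53 flows
    that do not answer a query seen within `window` seconds beforehand."""
    pending = {}  # (client_ip, client_port, server_ip) -> time of last query
    for t, src, sport, dst, dport, proto, size in sorted(flows):
        if proto != "udp":
            continue
        if dport == 53:                      # outbound query: remember it
            pending[(src, sport, dst)] = t
        elif sport == 53:                    # response: look for its query
            asked = pending.get((dst, dport, src))
            if asked is None or t - asked > window:
                yield (t, src, dst, size)


def reflection_targets(flows, min_reflectors=3, min_bytes=5000):
    """Return {target_ip: (distinct_reflectors, total_bytes)} for hosts whose
    unsolicited DNS responses exceed both thresholds (assumed values)."""
    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for _, reflector, target, size in unsolicited_dns_responses(flows):
        stats[target]["reflectors"].add(reflector)
        stats[target]["bytes"] += size
    return {
        target: (len(s["reflectors"]), s["bytes"])
        for target, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    for target, (count, total) in reflection_targets(FLOWS).items():
        print(f"{target}: {total} bytes of unsolicited DNS from {count} reflectors")
```

A single stray reply, like the one to 192.0.2.20, stays below the thresholds, so ordinary late or retransmitted answers are not reported.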

DDoS attacks are often used to mask more serious intrusions, so let's hope the webmasters of these agencies are also investigating other portions of their network.

Unlike many of today's online services, government workers have kept affected users in the loop via the Twitter accounts of all three agencies. We know a few Web hosting providers that could learn from the social media presence of US government workers when it comes to customer support. Below is a list of selected tweets.