Don't Tug on Superman's cape and Don't Hack CIA.gov

I suspect the downfall of the Lulz Security hacking crew will be traced to its attack of cia.gov – and with good reason. Before I start listing the many reasons why taking a run at cia.gov was just a Bad Move, let me first provide some lyrics penned by Jim Croce from “You Don't Mess Around With Jim”:

“You don't tug on Superman's cape / You don't spit into the wind / You don't pull the mask off that old Lone Ranger / And you don't mess around with Jim”

Substitute “hack” for “mess” and “www.cia.gov” for “Jim” to get the moral of how this story will likely end.

The CIA put its first public web site up back in 1994, due in most part to a push by Vice President Al Gore to get all federal agencies to get onto the Internet as a part of his bigger picture/mission/keep-busy work of reinventing government.   Due to security concerns and time constraints, a decision was made to host the site at a place called DIGEX, a (then) upstart ISP that resided in Greenbelt, Maryland above a Chinese restaurant. 

Even back then, everyone knew www.cia.gov would attract visitors of all kinds – including those of the unfriendly variety. The inside joke at DIGEX was cia.gov had an air gap the size of the Washington DC Beltway – the physical distance between Greenbelt and the CIA's headquarters in Langley, Virginia.   Hackers could pound on it to their heart's content and the worst they could do would be to deface it – something which didn't happen between 1994 and 1996 or so, if memory services. 

Needless to say, network operators and sys admins at DIGEX kept a close eye on traffic and activity on the site during the time it was hosted in Greenbelt.

While that was years ago, it takes no great sense of imagination to believe that, as the U.S. government has become more concerned about cybersecurity over the years, certain high-profile U.S. government web sites would be specifically monitored, watching for traffic patterns, inbound IP addresses, and other information to profile bad actors.

With a little more imagination, it wouldn't be unreasonable to think that a security hole or two might be left open in order to keep an attacker on-line long enough in order to trace back his origin.

Fast forward to last week, when cia.gov was defaced around June 15. By June 22, one arrest had been made in Great Britain and it wouldn't be surprising to see others in the weeks to come as more information is gathered, other connections are traced, and warrants are drawn up and executed. 

Do I expect everyone involved to be rolled up? Not immediately. But freelance hackers should wake up to the fact that within certain circles of the U.S. government, cyberattacks can now be classed as acts of war and responded to accordingly. Seriously, you don't go tugging on Superman's cape.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2011, taking place Sept. 13-15, 2011, in Austin, Texas. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. To register, click here.