The Library of Congress said its computer systems are running normally again after being targeted for days in a “massive and sophisticated” cyberattack.
Starting Sunday morning, access to government services and websites including Congress.gov and the U.S. Copyright Office was disrupted as a result of what security professionals determined to be a major distributed denial-of-service, or DDoS, attack, Bernard A. Barton Jr., chief information officer for the Library of Congress, said in a blog post Wednesday.
The four-day-long attack overloaded the Library’s networks with traffic, causing certain websites to go down and forcing some employees to go without email, Mr. Barton said.
Although DDoS attacks are increasingly routine and easy to wage, Mr. Barton said the one launched against the Library of Congress was a “massive and sophisticated” assault done through the Domain Name System, or DNS — a directory that associates domain names with locations on the internet, such as IP addresses.
By “employing multiple forms of attack, adapting and changing on the fly,” the attack temporarily disrupted access to many government databases as well as the National Library Service for the Blind and Physically Handicapped’s BARD, a program that hosts braille copies and audio recordings of Library material, Mr. Barton said.
The size of DDoS attacks has increased globally by an average of 73 percent since 2015, according to a report published earlier this week by Arbor Systems, a cybersecurity firm that analyzed internet data collected through a collaborative partnership of more than 330 service providers. Arbor’s systems have detected an average of 124,000 DDoS “events” per week, the report added, with DNS being the most prevalent protocol used as of last year.
“DoS attacks that leverage DNS as a transport are a common mechanism for flooding target sites with unwanted traffic for two reasons,” Tod Beardsley, a senior research manager for cybersecurity firm Rapid7, told FedScoop.
“DNS traffic is often passed through firewalls without traffic inspection, since timely responses to DNS are critical for many networked environments. [And] second, DNS nearly always uses User Datagram Protocol, or UDP, rather than Transmission Control Protocol, or TCP, and UDP-based protocols like DNS are connectionless. As a result of this design, it’s easier for attackers to forge data packets with many fake source addresses, making it difficult to filter good data over bad.”
The Library of Congress has turned over “key evidence” to authorities that will hopefully bring the perpetrators to justice, Mr. Barton said Wednesday.
“We’re satisfied that we’ve fended off the attack and fortified our system for now, but we’ll continue to be vigilant and employ state-of-the-art security systems to effectively respond to these types of incidents in the future. This is not the first time that a large agency or organization has been targeted with this kind of denial of service, and it certainly won’t be the last,” he wrote, adding that some “residual issues” may arise down the road as a result of the cyberattack.
Library Director of Communications Gayle Osterberg declined to comment when asked Wednesday about the attack’s origins, The Hill reported.