Utah Cyberattacks, Up To 300 Million Per Day, May Be Aimed At NSA Facility

schwit1 writes: Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day. At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. "But this last year we have had spikes of over 300 million attacks against the state databases" each day: a 10,000-fold increase. Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems. "I really do believe it was all the attention drawn to the NSA facility. In the cyberworld, that's a big deal," Squires told a legislative budget committee Tuesday. "I watched as those increases jumped so much over the last few years. And talking to counterparts in other states, they weren't seeing that amount of increase like we were."
  • by Anonymous Coward

    This url apparently shows up frequently in their logs.
    http://publicsafety.utah.gov/Hey-man-got-any-gud-NSA-stufz-fix-me-upyo

  • by langelgjm ( 860756 ) on Saturday February 07, 2015 @11:53AM (#49005559) Journal

    The article doesn't say. A ping flood? Attempted DOS? Attempt to connect to telnet port?

    Sorry, but this guy is clearly exaggerating the number in order to try and get more money. Kind of like when Darryl on The Office wrote on his resume that he had overseen the "shipping of 2.5 billion units of paper material." I.e., pieces of paper.

    • by Anonymous Coward
      A http request for www.utah.gov/index1.php?
    • 300 million a day...that's 350,000 per second or so. So an attack on a State computer every three microseconds on average....

      Hope they have a lot of computers....

    • by SuricouRaven ( 1897204 ) on Saturday February 07, 2015 @12:31PM (#49005749)

      No, he just got it backwards. That's the number going *out* from the NSA facility, not coming in.

    • by Anonymous Coward

      It's a plea to the legislative budget committee for more money.

    • A ping flood? Attempted DOS? Attempt to connect to telnet port?

      So long as the metrics are the same year over year, does it really matter?

      • Yes, it really does. Numbers can be misleading. For example, the unemployment numbers. Although they have been reported the same forever, so it's no one president's fault, they are very misleading when they say we have a 5.6% rate. They are not counting people who are no longer collecting unemployment because they have been out of work for "too long". They are not counting people who went from working a 100 grand a year job supporting a family of 3 to working a min wage job. Yeah, it's a "job" but it's not a r
        • When doing a period of time comparison over a period of time comparison, the important thing is to keep the definition of your unit the same. Now I realize that not all cyber attacks are created equal, but so long as something that wasn't counted previously is now counted, it's still interesting data,
  • How do they define "Cyber Attack"? My home firewall fends off thousands of "cyberattacks" every day if you include port scans, and my webserver gets hundreds more vulnerability probes.

    • by Anonymous Coward

      In Soviet Russia, NSA facility cyber-attack YOU... oh wait...

    • This is known as internet background noise [wikipedia.org]. Like you said, *everyone* is being continuously scanned and probed for weaknesses, non-stop. For instance, set up a honeypot with an unpatched Windows XP machine open to the net, and I'll bet it's compromised surprisingly quickly.

  • I think this summary was longer than the article itself. I was hoping to find what they consider as a 'cyber attack'. Do they count failed attempts at logins, port scans, pings...? Knowing how ignorant even some IT workers are, I could imagine many of those numbers are not actual 'attacks'. But hey, it sure sounds scary to mom and pop.
  • Sounds like a mid level IT manager needs an increase in his budget. Because, Hey, NSA!
  • What exactly constitutes a cyberattack? Does it count if I ping one of their IP addresses and get dropped on the firewall?

  • by Anonymous Coward

    Did anyone realize that the buildings in Utah were built to be seen as the public facade of the NSA? Did anyone look inside?
    The real facility is underneath the Bellagio in Las Vegas.

  • ...with criminals (the NSA).
    --CF

  • It's just the metadata for a DDoS attack, not an actual attack. Nothing criminal about it.
  • Hacking the NSA (Score:4, Insightful)

    by nehumanuscrede ( 624750 ) on Saturday February 07, 2015 @02:34PM (#49006497)
    "hackers believe they can somehow get to it through state computer systems. "

    The article makes it sound like the folks doing this are idiots. However, if you really wanted to be a significant thorn in the side of the NSA, would you really attack them directly knowing those systems would be some of the hardest targets on the planet ?

    Or perhaps go after some of the potentially easier targets such as the power grid or water control systems that feed a particular site ?

    That mammoth data center and all the super-computers within it won't be doing a damn thing if you shut off the water supply required to cool it. Ditto for the electricity, though they likely have back-up power, I doubt it's sufficient to run the entire site non-stop for extended periods of time.

    Sort of the whole " Why try to kick down the armored door if a glass window is available to you ? " sort of thing.
  • At least it serves as a honeypot, absorbing attacks, keeping the internet safe for people who respect the U.S. Constitution.

  • by WaffleMonster ( 969671 ) on Saturday February 07, 2015 @03:15PM (#49006793)

    These kinds of attack numbers are routinely paraded around in hearings attended by lawmakers on security issues. From expressed concerns and lack of follow-up, the tactic seems to be effective, although I would imagine there must be a shelf-life.

    Interesting remaining argument for why they deserve money from NSA rests on invocation of specific incidents involving identity theft and local incidents of crime having nothing to do with NSA activities.

    • by mcrbids ( 148650 )

      10+ years ago, I used to log all packets that didn't "fit" in expected services. It really was an eye opener, there are perpetual and constant probes of all sorts, all day long. We're not talking actual attacks, just the equivalent of walking around, trying doors to see if any are unlocked or even present.

      At that time, I was logging well over 1,000/day on a *home 1.5 Mbit DSL modem*. Today, I would log that many actual attacks against our small-ish website every few minutes if I cared to log them. The Inter

  • by dweller_below ( 136040 ) on Saturday February 07, 2015 @09:03PM (#49008379)
    We see 3k PPS of attack and we probably have 1/8th of their address space. Remember, you need to scale by address space. Utah's state network is one of 3 early Utah experiments in municipal broadband. The other 2 are UEN and Utopia. When it was set up, IP addresses were allocated in /8, /16 and /24 chunks. They probably got a /16 (65K addresses) for each major department. In total, the Utah state government network probably has at least a million public IP addresses.

    If you have a million public IPs, you catch about 3 million attacks every time somebody messes around with Z-Map or MasScan. They always try it at least 3 times. That is 1% of that scary 300 million per day total. And there are a lot of people in the world playing with Z-Map.

    I do IT Security for Utah State University. We are at the North end of the state. We see about 3k PPS of attack all the time. We have 128K of public IP address space. Most days, we are at about 300K PPS at the border. 3K PPS of attack is about 1% of the total. Having 1% attack be incoming packets is normal for the last few years for us. This works out to about 1 attack packet per IP address every 30 seconds. Of course, almost all of them are rejected at the border. Most of my peers are seeing the same attack levels. But, all my peers are at universities.

    However, in the last couple years the attack has shifted. Now, about 1/2 of our detected attack is sponsored or condoned by the Chinese government. The rest is evenly divided between other governments and organized crime. We assume that this shift is the inevitable consequence of the current cyberwar. The shift has also made it easier to do most attribution. Almost all attack by civil servants is easier to identify. It is predictable. It follows patterns. It has preferential quality of service. When you report abuse from a non-government attacker, it shifts methods, or stops, or moves to another target. When you report abuse to a government attacker, it increases. Sometimes it improves.

    The shift in attack may be local to Utah and due to the NSA facility, but I think it is more likely that we are all screwed.
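
An added example, not part of the thread or any commenter's code, for the point raised in the comment above: raw "attack" counts should be scaled by monitored address space, and internet-wide sweeps separated from focused attempts. The record format, the `summarize` function, the 50% sweep threshold and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def build_sample():
    """Constructed border-firewall drop records: (source IP, destination IP, destination port)."""
    events = []
    # One source sweeping every address of a /24 on one port, three passes
    # (the pattern of an internet-wide scanner).
    for _ in range(3):
        for addr in ipaddress.ip_network("192.0.2.0/24"):
            events.append(("198.51.100.7", str(addr), 23))
    # One source hitting a single host and port repeatedly (a focused attempt).
    events += [("203.0.113.9", "192.0.2.10", 22)] * 40
    return events

def summarize(events, monitored_cidr, sweep_fraction=0.5):
    """Split raw drop counts into sweep vs. focused traffic and normalize per address."""
    net = ipaddress.ip_network(monitored_cidr)
    targets = defaultdict(set)  # (src, port) -> distinct destinations touched
    counts = defaultdict(int)   # (src, port) -> raw event count
    for src, dst, port in events:
        if ipaddress.ip_address(dst) in net:
            targets[(src, port)].add(dst)
            counts[(src, port)] += 1
    sweep = focused = 0
    for key, dsts in targets.items():
        # A source touching a large share of the space on one port is a sweep.
        if len(dsts) >= sweep_fraction * net.num_addresses:
            sweep += counts[key]
        else:
            focused += counts[key]
    total = sweep + focused
    return {
        "raw_events": total,
        "sweep_events": sweep,
        "focused_events": focused,
        "events_per_address": total / net.num_addresses,
        "sweep_share": sweep / total if total else 0.0,
    }

if __name__ == "__main__":
    print(summarize(build_sample(), "192.0.2.0/24"))
```

On this constructed sample the headline count is 808 events, of which 768 come from a single scanner's three passes and only 40 target one specific host.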
