Primer:
In part from Time: Kerry raised the question of Turkey’s NATO membership, suggesting that anti-democratic behavior by Erdogan could imperil the country’s place in the alliance. “NATO also has a requirement with respect to democracy,” Kerry said, and added said NATO would “measure” Turkey’s actions in days to come. “Obviously, a lot of people have been arrested and arrested very quickly,” Kerry said. “The level of vigilance and scrutiny is obviously going to be significant in the days ahead. Hopefully we can work in a constructive way that prevents a backsliding.”
Turkey’s membership in the NATO alliance is a matter of major strategic importance to the U.S., and talk of the country being ousted caught some experts by surprise in the U.S. Amb. Bryza of the Atlantic Council said Kerry’s comments were being taken as threats in Turkey, and that it was an “extreme misinterpretation that we would kick them out of NATO.” Much more detail here.
Turkish hackers claim credit for Library of Congress attack
FCW: A hacking group called the Turk Hack Team is taking credit for a shutdown of the Library of Congress website and hosted systems including Congress.gov, the Copyright Office, Congressional Research Service and other sites.
The group claimed credit on an online message board where users go for updates on the availability of websites.
The attack was launched July 17, in the midst of Turkey’s response to the military coup targeting the elected government of President Recep Tayyip Erdogan. Prominent Turkish officials have accused the U.S. of fomenting the coup; Secretary of State John Kerry issued a stern denial of such accusations.
The Turk Hack Team is not considered at the level of a nation-state sponsored group or an advanced persistent threat, former U.S. CERT director Ann Barron-DiCamillo told FCW. They’re more of a “middle-tier, hacktivist” type group, she said. They’ve gone after targets for perceived slights to Turkey’s honor in the past, including an April 2015 hack on the Vatican website made in response to comments from Pope Francis characterizing the 1915 massacres of Turkish Armenians as a genocide.
The group has not gone after U.S. targets in the past, but Baron-DiCamillo, currently partner and CTO at Strategic Cyber Ventures, said U.S. officials would likely be on the lookout for more hacktivist activity emanating from Turkey. “This is the first kind of visible activity generated post-coup, but it doesn’t mean it’s going to be the last,” she said.
Library of Congress CIO Bernard Barton said on July 20 that the attack had been successfully thwarted.
“This was a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly,” he wrote in a blog post. “We’ve turned over key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”
Congress is not covered by the Federal Information Security Management Act and is not required to report cyber incidents to the Department of Homeland Security.
Spokesperson Gayle Osterberg told FCW that the Library of Congress reports all cyber-related criminal activity to the FBI.
DHS is aware of the incident but is not involved in the investigation or mitigation of the attacks, according to an agency source.
DDOS attacks can be expensive to deal with, requiring network operators to obtain specialized routing services from their internet service providers. They can also potentially front for other attacks, or test systems to see what kind of defenses are in place.
Related reading: Turkey blocks access to WikiLeaks after ruling party email dump
Mostly, Barron-DiCamillo said, they are “distracting, causing pain to both users and customers, but not impacting back-end systems and more critical data.”
It is possible the hackers imagined that the Congress.gov and LOC.gov domains represented a more critical target than they actually are. Congress.gov is mostly a public-facing information warehouse that is not integral to the legislative function of the House and Senate. Most of the complaints about the site being down came from librarians and researchers looking to execute catalog searches.
The outage also affected the Congressional Research Service, the in-house think tank for Congress. CRS reports, available only to members and staff, are not published elsewhere except on an ad hoc basis legislators and public interest groups that obtain the odd document. A bill introduced by Rep. Mike Quigley (D-Ill.) just days before the hack would open up CRS reports to the public, and have the effect of creating a backup site for the material on the Government Publishing Office website.
