Slashdot Mirror

← Back to Stories (view on slashdot.org)

Utah Cyberattacks, Up To 300 Million Per Day, May Be Aimed At NSA Facility

Posted by timothy on from the knock-knock dept.

schwit1 writes Five years ago, Utah government computer systems faced 25,000 to 30,000 attempted cyberattacks every day. At the time, Utah Public Safety Commissioner Keith Squires thought that was massive. "But this last year we have had spikes of over 300 million attacks against the state databases" each day: a 10,000-fold increase. Why? Squires says it is probably because Utah is home to the new, secretive National Security Agency computer center, and hackers believe they can somehow get to it through state computer systems. "I really do believe it was all the attention drawn to the NSA facility. In the cyberworld, that's a big deal," Squires told a legislative budget committee Tuesday. "I watched as those increases jumped so much over the last few years. And talking to counterparts in other states, they weren't seeing that amount of increase like we were."

58 comments

  1. 300 mil per day? yeah, right by Anonymous Coward · · Score: 1

    This url apparently shows up frequently in their logs.
    http://publicsafety.utah.gov/Hey-man-got-any-gud-NSA-stufz-fix-me-upyo

  2. What is a "cyberattack"? by langelgjm · · Score: 4, Insightful

    The article doesn't say. A ping flood? Attempted DOS? Attempt to connect to telnet port?

    Sorry, but this guy is clearly exaggerating the number in order to try and get more money. Kind of like when Darryl on The Office wrote on his resume that he had overseen the "shipping of 2.5 billion units of paper material." I.e., pieces of paper.

    --
    "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
    1. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 1

      A http request for www.utah.gov/index1.php?

    2. Re:What is a "cyberattack"? by CrimsonAvenger · · Score: 1

      300 million a day...that's 350,000 per second or so. So an attack on a State computer every three microseconds on average....

      Hope they have a lot of computers....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    3. Re:What is a "cyberattack"? by SuricouRaven · · Score: 3, Funny

      No, he just got it backwards. That's the number going *out* from the NSA facility, not coming in.

    4. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      it sounds legit to me. there's some smart people out there that know what the NSA is, clearly you don't. I think many in this country and the rest of the world hates this fucking country at this point, and wants to fuck the NSA and any of their supporters up. plain and simple.

      my first thought was not to disbelieve this but to wonder why hackers don't just mobilize a militia and go storm the shit hole facility, as the problem with this modern computer shit is they think they can do all this shit virtually from their computers at home with no effort, which is pussy shit and simply not reality.

      NSA needs to be taken control of, and this country does need a force to invade it, because they are two bit corrupt pieces of shit that endanger us all and have full control over everything we do daily. all communications, all systems, all manufacturing, space systems to watch us, invasive radar technologies to spy on us and tap us even offline in our homes, weapons systems to kill us and do away with us, etc. no joke. patented, whistleblower backed.

      some people are aware, while other clueless twats are not ..

      obamasweapon.com

    5. Re:What is a "cyberattack"? by geekmux · · Score: 4, Interesting

      300 million a day...that's 350,000 per second or so. So an attack on a State computer every three microseconds on average....

      Ironically, that kind of increase would suggest NSA monitoring streams were somehow being misrouted...

    6. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 1

      It's a plea to the legislative budget committee for more money.

    7. Re:What is a "cyberattack"? by CurryCamel · · Score: 1

      After the first paragraph, I thought I'd mod this up. This deserves to be +5, Insightful.
      After the second I thought +4 Insightful is sufficient.
      After the last paragraph I decided just to post this reply instead.

    8. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      300 million a day...that's 350,000 per second or so..

      check your math, bro

    9. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      DOS = Disk Operating System. What year is this, 1993?

    10. Re:What is a "cyberattack"? by MXPS · · Score: 4, Informative

      Umm no, it's not. It's actually 3,472 per second. Check your math.

    11. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      300 million a day...that's 350,000 per second or so. So an attack on a State computer every three microseconds on average....

      Hope they have a lot of computers....

      300,000,000 / (24 hrs x 60 min x 60 sec) = 3,472/sec. You're off by two orders of magnitude.

    12. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      More than likely someone turned their IDS up to the highest sensitivity and then was shocked at the number of events.

    13. Re: What is a "cyberattack"? by smaddox · · Score: 1

      There is such a thing as a non-distributed denial of service attack. They're just not very effective.

    14. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      A few things. First you sound like a paranoid basement dweller who is unaware that he is a card carrying member of the stupid twat club so succinctly described in his own post. The second thing is if the NSA possessed the god like powers ascribed to them there would be absolutely no one who could carry out a cyber attack without being caught within the hour if not sooner. And you seem to be under the impression that the US is the only country in the world with intelligence services that are just as capable and intrusive as any in the US. The reason you are under this impression is that some of the countries with the same capabilities would not hesitate to kill anyone stupid enough to pull a Snowden and it's highly ironic that he is actually holed up in one of those countries. If the US wanted to spike Snowden they could have quietly threatened his family to stop him in his tracks. And there are countries with a long track record of using this just this type of coercion to keep any potential loud mouth from attempting acts of espionage in the first place. And while people may hate the US who really gives a shit? These same people are the ones standing in long lines outside of US embassies around the world desperately trying to score travel Visa's to come to the country the love to hate. And if nothing else Americans are free to return the hate in spades because in the end it really doesn't matter in the slightest.

    15. Re:What is a "cyberattack"? by jader3rd · · Score: 1

      A ping flood? Attempted DOS? Attempt to connect to telnet port?

      So long as the metrics are the same year over year, does it really matter?

    16. Re:What is a "cyberattack"? by ganjadude · · Score: 1

      yes it really does. numbers can be misleading. for example the unemployment numbers. although they have been reported the same forever so its no one presidents fault, but they are very misleading when they say we have a 5.6% rate. they are n ot counting people who are no longer collecting unemployment because they have been out of work for "too long" they are not counting people who went from working a 100 grand a year job supporting a family of 3 to working a min wage job. yeah, its a "job" but its not a real job.

      I would wager this is the same kind of manipulation at work

      --
      have you seen my sig? there are many others like it but none that are the same
    17. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      And there are countries with a long track record of using this just this type of coercion to keep any potential loud mouth from attempting acts of espionage in the first place.

      Noone cares about "other countries" it is not a god damn race to the bottom. The U.S. has a Constitution and certain other things that are SUPPOSED to
      set it apart.

      Not "watch what China does, and be slightly less assholes."
      Not "watch what Russia does, and only do it 1/2 the time."

      That is NOWHERE part of the U.S. plan.

      in the end it really doesn't matter in the slightest.

      Yes, it does matter. If the U.S. is merely "watch what the rest of the world does" then it is ALREADY COMPLETELY GONE.

      Seriously, get a fucking clue.

      These same people are the ones standing in long lines outside of US embassies around the world desperately trying to score travel Visa's to come to the country the love to hate.

      How many people stand in lines...has ZERO effect on whether U.S. agencies are following laws or mistreating U.S. citizens.

      Has ZERO effect on whether such operations are in line with a free society.

      Has ZERO effect on whether the public is mislead, psychologically targetted and manipulatd, has ZERO effect on this discussion.

      You get 0/100. You are hereby KING of the stupid twat club.

      Noone gives a fuck "how popular the U.S. is" it is "does the U.S. follow U.S. law and principles anymore, at all?"

      "do the leaders represent the will of the people, at all?"

      "do the leaders even run anything at all, or is it all ran by intelligence agencies?"

      You are just rambling about random shit that has nothing to do with anything except you show that you yourself:
      hate the U.S. and hate Americans.

    18. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      What's a coupla orders of magnitude between friends?!?!

      Hopefully this guy is designing K-Mart's next website, and not involved with the next space launch or avionics firmware.

    19. Re:What is a "cyberattack"? by Anonymous Coward · · Score: 0

      Lessons in crowbarring in a political argument from right-wing assholes:

      1) Bad unemployment news? It's Obama's fault!

      2) Good unemployment news? Those numbers are LIES!

    20. Re:What is a "cyberattack"? by ganjadude · · Score: 1

      ugh, did you not see where i made the clear cut point that the numbers have ALWAYS been lies??? this has nothing to do with obama

      --
      have you seen my sig? there are many others like it but none that are the same
    21. Re:What is a "cyberattack"? by jader3rd · · Score: 1

      When doing a period of time comparison over a period of time comparison, the important thing is to keep the definition of your unit the same. Now I realize that not all cyber attacks are created equal, but so long as something that wasn't counted previously is now counted, it's still interesting data,

  3. Syntax error detected! by Anonymous Coward · · Score: 0

    TFA is quite ludacrisly sensational. Lemme fix that for you.

    Cyberattacks == script kiddie spam
    Hackers == no talent ass clown skiddies

    1. Re:Syntax error detected! by Deadstick · · Score: 1

      Ludacrisly==person who can't tell hackers from rappers.

  4. What is a cyber attack? by hawguy · · Score: 1

    How do they define "Cyber Attack"? My home firewall fends off thousands of "cyberattacks" every day if you include port scans, and my webserver gets hundreds more vulnerability probes.

    1. Re:What is a cyber attack? by Anonymous Coward · · Score: 0

      that's because you are hiding nsa facility in your closet

    2. Re: What is a cyber attack? by Anonymous Coward · · Score: 0

      You hide onr in your anushole!

    3. Re: What is a cyber attack? by Anonymous Coward · · Score: 1

      In Soviet Russia, NSA facility cyber-attack YOU... oh wait...

    4. Re:What is a cyber attack? by Anonymous Coward · · Score: 0

      Even a relatively harmless port sniff is going to cause significant outage if there's enough of it going on - it all takes up bandwidth.

      Heck, if a kid throws a pebble at your window it's probably not going to do anything. If 300 million kids throw a pebble at your window then your window is going to be scuffed up to shit if it isn't smashed, and your patio is going to need sweeping afterwards.

    5. Re:What is a cyber attack? by Dutch+Gun · · Score: 1

      This is known as internet background noise. Like you said, *everyone* is being continuously scanned and probed for weaknesses, non-stop. For instance, set up a honeypot with an unpatched Windows XP machine open to the net, and I'll bet it's compromised surprisingly quickly.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    6. Re:What is a cyber attack? by Anonymous Coward · · Score: 0

      I like to rig servers to automatically block IP addresses for 30 minutes at a time when they probe standard ports for stuff like SSH and Telnet, or that try to ask the web server for the nonexistent PHPMyAdmin directory. It's hard to "cyberattack" someone's systems when they drop 100% of your packets.

  5. Garbage article by codepigeon · · Score: 1

    I think this summary was longer than the article itself. I was hoping to find what they consider as a 'cyber attack'. Do they count failed attempts at logins, port scans, pings...? Knowing how ignorant even some IT workers are, I could imagine many of those numbers are not actual 'attacks'. But hey, it sure sounds scary to mom and pop.

  6. Its not just a big deal in the "cyberworld" by Anonymous Coward · · Score: 0

    The US govt illegally spying on its own citizens is a big deal in the real world too.

  7. Chicken little? by drunk_punk · · Score: 1

    Sounds like a mid level IT manager needs an increase in his budget. Because, Hey, NSA!

  8. Cyberattack by MoZ-RedShirt · · Score: 0

    What exactly constitues a cyberattack? Does it count if I ping one of their IP addresses and get dropped on the firewall?

    --
    Microsft spel chekar vor sail, worgs grate !!!
  9. Utah is a decoy by Anonymous Coward · · Score: 1

    Did anyone realize that the buildings in Utah were built to be seen as the public facade of the NSA? Did anyone look inside?
    The real facility is underneath the Bellagio in Las Vegas.

    1. Re:Utah is a decoy by Anonymous Coward · · Score: 0

      Ssh, you probably just gave another conspiracy person an idea for a new claim/rant. Remember, for them the less proof of something just proves it more.

    2. Re: Utah is a decoy by Anonymous Coward · · Score: 0

      the sad part is, there is some truth into what the OP said.

  10. Just the cost of doing business by Celtic+Ferret · · Score: 1

    ...with criminals (the NSA).
    --CF

  11. The NSA by Anonymous Coward · · Score: 0

    The proximity means the NSA is constantly hacking the node loops scouring the local name servers for people positioning themselves to fuzz or intercept NSA out and in loops. Their manifesto is "it is better to be the hacker than the hackee" so are being proactive in tying up all extra server cpu cycles.

  12. cyberattack is not a unit of measure by Anonymous Coward · · Score: 0

    if i dumped a gallon of water on your head, you wouldn't say i dumped water on your head 768 times.

    1. Re:cyberattack is not a unit of measure by Anonymous Coward · · Score: 0

      if i dumped a gallon of water on your head, you wouldn't say i dumped water on your head 768 times.

      No, but under that logic using the Chinese water torture unit of measure, you could claim as many attacks as drops of water in a gallon. Just an off the top of my head guess of 10000? Also, probably about three felonies if law enforcement was so inclined.

    2. Re:cyberattack is not a unit of measure by Anonymous Coward · · Score: 0

      depending on the dropper, there are 60-120 drops of water in a teaspoon, and 768 teaspoons in a gallon. it would be ludicrous to claim that i transgressed against you 92,160 times, or 768 times, or whatever.

  13. Ha. by Anonymous Coward · · Score: 0

    Good.

  14. It's like a digital Fort Knox by Anonymous Coward · · Score: 0

    The world got a glimpse of what information the NSA has in its databases with the Snowden revelations. Think that was it? Hardly. We can't even imagine what they might have and how valuable the data could be to rival nations. But if you think those rival nations are going to wait for Snowden Part 2...think again.

    So, NSA, this is what happens when you decide to collect anything and everything without regard to the consequences of storing such information.

  15. It's fine by fibonacci8 · · Score: 1

    It's just the metadata for a DDoS attack, not an actual attack. Nothing criminal about it.

    --
    Inheritance is the sincerest form of nepotism.
  16. Hacking the NSA by nehumanuscrede · · Score: 3, Insightful

    "hackers believe they can somehow get to it through state computer systems. "

    The article makes it sound like the folks doing this are idiots. However, if you really wanted to be a significant thorn in the side of the NSA, would you really attack them directly knowing those systems would be some of the hardest targets on the planet ?

    Or perhaps go after some of the potentially easier targets such as the power grid or water control systems that feed a particular site ?

    That mammoth data center and all the super-computers within it won't be doing a damn thing if you shut off the water supply required to cool it. Ditto for the electricity, though they likely have back-up power, I doubt it's sufficient to run the entire site non-stop for extended periods of time.

    Sort of the whole " Why try to kick down the armored door if a glass window is available to you ? " sort of thing.

    1. Re:Hacking the NSA by Anonymous Coward · · Score: 0

      The Utah legislature has thought about not supplying water

      http://www.sltrib.com/news/184...

  17. It shouldn't even be wired. by Armored+Ear · · Score: 0

    If the data center has to store all of our private information, why is it available on the internet to be attacked? Storage units should be for storage, I don't care if you have to truck in station-wagons full of tapes. One misstep followed by another, apparently.

  18. And I Thought The NSA Was All Bad by BrendaEM · · Score: 1

    At least it serves as a honeypot, absorbing attacks, keeping the internet safe for people who respect the U.S. Constitution.

    --
    https://www.youtube.com/c/BrendaEM
  19. Use of fear to have your way by WaffleMonster · · Score: 2

    These kinds of attack numbers are routinely paraded around in hearings attended by lawmakers on security issues. From expressed concerns and lack of follow-up tactic seems to effective although I would imagine there must be a shelf-life.

    Interesting remaining argument for why they deserve money from NSA rests on invocation of specific incidents involving identity theft and local incidents of crime having nothing to do with NSA activities.

    1. Re:Use of fear to have your way by Anonymous Coward · · Score: 0

      as a victim of identity theft (may or may not be related to the area) ... the NSA is, was, and always will be of ZERO help.

      Local law enforcement, zero. My banks, zero.

      Who did help? Me, my family, random strangers. That's it.

    2. Re:Use of fear to have your way by mcrbids · · Score: 1

      10+ years ago, I used to log all packets that didn't "fit" in expected services. It really was an eye opener, there are perpetual and constant probes of all sorts, all day long. We're not talking actual attacks, just the equivalent of walking around, trying doors to see if any are unlocked or even present.

      At that time, I was logging well over 1,000/day on a *home 1.5 Mbit DSL modem*. Today, I would log that many actual attacks against our small-ish website every few minutes if I cared to log them. The Internet is an incredibly hostile place, and it's only because the routers, servers, and networks etc. are actually rather good at their job that we manage to make it such a useful tool.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  20. I know how we can find out by Anonymous Coward · · Score: 0

    Tell the NSA to GTFO of Utah, and see if the number of attacks decreases.

  21. Only 3K PPS of attack? I thought it would be more. by dweller_below · · Score: 4, Interesting
    We see 3k PPS of attack and we probably have 1/8th of their address space. Remember, you need to scale by address space. Utah's state network is one of 3 early Utah experiments in municipal broadband. The other 2 are UEN and Utopia. When it was set up, IP addresses were allocated in /8, /16 and /24 chunks. They probably got a /16 (65K addresses) for each major department. In total, the Utah state government network probably has at least a million public IP addresses.

    If you have a million public IPs, you catch about 3 million attacks every time somebody messes around with Z-Map or MasScan. They always try it at least 3 times. That is 1% of that scary 300 million per day total. And there are a lot of people in the world playing with Z-Map.

    I do IT Security for Utah State University. We are at the North end of the state. We see about 3k PPS of attack all the time. We have 128K of public IP address space. Most days, we are at about 300K PPS at the border. 3K PPS of attack is about 1% of the total. Having 1% attack be incoming packets is normal for the last few years for us. This works out to about 1 attack packet per IP address every 30 seconds. Of course, almost all of them are rejected at the border. Most of my peers are seeing the same attack levels. But, all my peers are at universities.

    However, In the last couple years the attack has shifted. Now, about 1/2 of our detected attack is sponsored or condoned by the Chinese government. The rest is evenly divided between other governments and organized crime. We assume that this shift is the inevitable consequence of the current cyberwar. The shift has also made it easier to do most attribution. Almost all attack by civil servants is easier to identify. It is predictable. It follows patterns. It has preferential quality of service. When you report abuse from a non-government attacker, it shifts methods, or stops, or moves to another target. When you report abuse to a government attacker, it increases. Sometimes it improves.

    The shift in attack may be local to Utah and due to the NSA facility, but I think it is more likely that we are all screwed.

  22. Correlation by QuadEddie · · Score: 1

    It could also be in relation to the number of Marvel movies made or ice cream consumed per capita. Do they have any evidence to back up their correlation?