FW: (S//NF) SUCCESSFUL ATTACK AGAINST PUBLIC FOIA WEBSITE

Approved for Release: 2017/03/08 C06228933 From: Sent: To: Subject: Signed By: Monda FW June 23, 2014 12:38 PM F) Successful Attack Against Public FOIA Website Classification: ..,Sia.Gittil"'" 'Thanks Deputy Director CIO/IMS From: Sent: Monday, June 23, 2014 12:35 PM To: Cc: Douglas E. Wolfe; Joseph W. Lambert Subject: RE: j5,14Nfal Successful Attack Against Public FOIA Website Classification: e;irDrT How far back did you need to go (i.e., how current is the information)? What if anything will be done to update the data on the site? (b)(3) (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (D)(i) (b)(1) (b)(3) (b)(3) Approved for Release: 2017/03/08 C06228933 Approved for Release: 2017/03/08 C06228933 From: Sent: Monday, June 23, 2014 10:54 AM To: Douglas E. Wolfe; Subject: FW: So5/41.�Successtul Attack Against Public FOIA Website Classification: _,Siareltrre Chiefs - fyi. From: Senvlorifida , June 23, 2014 9:49 AM To: Cc: Joseph W. Lambert; Subject: FW (5,144e-Successful Attack Against Public FOIA Website, Classification:-WECIREC (U//The site is back up. Please pass on to CIO and D/CIOs. Thanks. From: Sent: Monday, June 23, 2014 7:04 AM To Cc: Subject: RE:j�SMIFT5uccessful Attack Against Public FOIA Website Classification: �Srip@itrre The FOIA ERR website is back up. As we are without programming help this week due to our developer's vacation, an after action report will not be available until next week at the earliest. (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) 2 Approved for Release: 2017/03/08 C06228933 Approved for Release: 2017/03/08 C06228933 CIO/IMS/RMTG Deputy Branch Chief Project Manager, CADRE, STAIRS From: Sent: Friday, June 20, 2014 11:43 AM To: Douglas E. Wolfe; Cc: Joseph W. Lambert: Ebitz; Subject: (5,441r7 Successful Attack Against Public FOIA Website Importance: High Classification: 45,Faiel 12fr isSiolOntoug damage to the database is unknown. who brought this to my attention. Todd D. The CIA's public FOIA website has been successfully hacked, and the I received the note below from the deputy branch chief 4S14141frStarting June 6,2014, the FOIA Electronic Reading Room team was notified of several denial of service attacks on the public-facing reading room website. These incidents did not result in the website being unavailable, and each one was reported to both and IMS management. As a result of the attacks, a decision was made to apply several security patches to thenwebsite to ensure that we would not be vulnerable to future attacks Unfortunately a new attack was launched, n June 19 attack. Currently, the FOIA ERR website is believe at that time that the site was hit with a completely unavailable. .4.imlftlirrSo far, we have attempted to restore the server to two different snapshots from June, with complete restarts of the server each time. Neither attempt was successful. Our next steps are to move farther back in time to May to sec if we can restore to that point in time. We have been elevated ton7support with our server hosting company At this time, we do not have an ETA on when the site will be restored. skSlitiVIT OPA and have been notified regarding this outage. 4.Sali+PrBackground: CIO/IMS/RTMG runs the FOIA Electronic Reading Room on behalf of CIO/IMS/IRRG. The website is managed separately from the CIA.gov website, which is managed by OPA. The FOIA ERR website" (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) 3 Approved for Release: 2017/03/08 C06228933 Approved for Release: 2017/03/08 C06228933 (16444414107 We are continuing to work the problem. becomes available. If you have questions, you can reach her at Chief. Information Review and Release Group (secure) IRRG: Mission Critical Information Review will c updates as more information (b)(3) (b)(3) Classification: Classification: Z.Berri"' Classification: ���TITT� Classification: AiNertIlre Classification: Sgete Classification:err (b)(3) (b)(3) 4 Approved for Release: 2017/03/08 C06228933