(S//NF) SUCCESSFUL ATTACK AGAINST PUBLIC FOIA WEBSITE

Approved for Release: 2017/03/08 C06228935 (b)(3) From: (b)(3) Sent: Friday, June 20, 2014 11:43 AM To: Douglas E. Wolfe (b)(3) Cc: Joseph W. Lambert; (b)(3) Todd D. Ebitz Subject: *mar Successful Attack Against Public FOIA Website Signed By: (b)(3) Importance: High Classification:Jgkeffre (b)(1) (b)(3) �4,g4terl)oug, The CIA's public FOIA website has been successfully hacked, and the (b)(3) damage to the database is unknown. I received the note below from the deputy branch chief (b)(3) who brought this to my attention. .1�SOlfr Starting June 6,2014, the FOIA Electronic Reading Room team was notified of several denial of service attacks on the public-facing reading room website. These incidents did not result in the website being unavailable, and each one was reported to both and IMS management. As a result of the attacks, a (b)(3) decision was made to apply several security patches to the website to ensure that we would not be vulnerable to future attacks. Unfortunately, a new attack was launched, This occuind on June 19 We attack. Currently, the 1-0IA ERR website is believe at that time that the site was hit with a completely unavailable. (b)(1) (b)(3) ss1e5 So far, we have attempted to restore the server to two different snapshots from June, with complete restarts of the server each time. Neither attempt was successful. Our next steps are to move farther back in time to May to see if we can restore to that point in time. We have been elevated ton�Isupport with our (b)(3) server hosting company. At this time, we do not have an ETA on when the site will be restored. (b)(3) LS,1414/VT OPA an have been notified regarding this outage. 1,5.4iNti Background: C10/IMS/RTMGA runs the FOIA Electronic Reading Room on behalf of (b)(3) C1O/IMS/IRRG. The website is managed separately from the CIA.gov website, which is managed by OPA. The FOIA ERR websitet (U444157We are continuing to work the problem. updates as more information becomes available. If you have questions, you can reach her at 1 Approved for Release: 2017/03/08 C06228935 Approved for Release: 2017/03/08 C06228935 omation Review and Release Group secure) IRRG: Mission Critical Information Review Classification: SiGik�E'r 2 (b)(3) (b)(3) Approved for Release: 2017/03/08 C06228935