RE: (S//NF) SUCCESSFUL ATTACK AGAINST PUBLIC FOIA WEBSITE

Approved for Release: 2017/03/08 C06228932 (b)(3) From: (b)(3) Sent: To: Monday, June 23, 2014 12:45 PM (b)(3) Cc: Douglas E. Wolfe; Joseph W. Lambert; (b)(3) Subject: REJ,..WhirrSuccessful Attack Against Public FOIA Website Signed By: (b)(3) Classification:_argeRtirre (b)(1) (b)(3) From (b)(3) The site was restored to a snapshot from May 8,2014. No data has been added to the site since that date, so no further updates are needed. However, we did discover this morning that the eFOIA Request Form functionality is not working, and will not be restored until next week as our developer is on vacation this week. and I agreed to put a (b)(3) notice on the website in the meantime, and to disable the functionality of the form so requests cannot be made. We also notified OPA that the site is back up, but that requests cannot be made electronically. ihanC's Deputy Director CIO/IMS From: (b)(3) Sent: Monday, June 23, 2014 12:35 PM To: (b)(31 Cc: Douglas E. Wolfe; Joseph W. Lambert; (13)(3D Subject: RE:45,44earSbccessful Attack Against Public FOIA Website Classification: areittrlr Approved for Release: 2017/03/08 C06228932 Approved for Release: 2017/03/08 C06228932 How far back did you need to go (i.e., how current is the information)? What if anything will be done to update the data on the site? From Sent: Monday, June 23, 2014 10:54 AM To: Douglas E. Wolfe; Subject: FW: Successful Attack Against Public FOIA Website Classification:_,SEGagr Chiefs � fyi. From: Sent: Monday, June 23, 2014 9:49 AM To: Cc: Joseph W. Lambert; Subject: FW: (SOKFTSuccessful Attack Against Public FOIA Website Classification:�Sa-efte-- (Lillislkierhe site is back up. Please pass on to CIO and D/ClOs. Thanks. From: Sent: Monday, June 23, 2014 7:04 AM To: Cc: Subject: RE: (514finSuccessful Attack Against Public FOIA Website Classification: SEelker (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (b)(31 (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) 2 Approved for Release: 2017/03/08 C06228932 Approved for Release: 2017/03/08 C06228932 Iii The FOIA ERR website is back up. As we are without programming help this week due to our developer's vacation, an after action report will not be available until next week at the earliest. Thanks, (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) CIO/IMS/RMTGi (b)(3) Deputy Branch Chief Project Manager, CADRE, STAIRS From: Sent: I-rday, June zU, 2014 11:43 AM To: Douglas E. Wolfe; Cc: Joseph W. Lambert Ebit7; Subject: L.SetlF) Successful Attack Against Public FOIA Website Importance: High C1assificatjon:tI 4,10fte!7Doug, damage to the database is unknown who brought this to my attention. Todd D. The CIA's public FOIA website has been successfully hacked, and the received the note below from the deputy branch chief (b)(3) (b)(3) (b)(3) (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) ...(SaNerStarting June 6,2014, the FOIA Electronic Reading Room team was notified of several denial of service attacks on the public-facing reading room website. These incidents did not result in the website being (b)(1) unavailable, and each one was reported to both and IMS management. As a result of the attacks, a (b)(2(b)(3) decision was made to apply several security patches to the website to ensure that we would not be vulnerable to future attacks. Unfortunately, a new attack was launched, this curred on June 19 We believe at that time that the site was hit with a attack. Currently, the FOIA ERR website is completely unavailable. �404+311TSo far, we have attempted to restore the server to two different snapshots from June, with complete restarts of the server each time. Neither attempt was successful. Our next steps are to move farther back in time to May to see if we can restore to that point in time. We have been elevated t support with our server hosting company. At this time, we do not have an ETA on when the site will be restored. (b)(3) 3 Approved for Release: 2017/03/08 C06228932 Approved for Release: 2017/03/08 C06228932 -(-StlItrol'A and have been notified regarding this outage. -EFTMITTBackground: CIO/IMS/RTMG runs the FOIA Electronic Reading Room on behalf of CIO/IMS/IRRG. The website is managed separately from the CIA.gov wcbsite, which is managed by OPA. The FOIA ERR websitei (ULZArit1t5) We are continuing to work the problem. becomes available. If you have questions, you can reach her at will orovic Chief Information Review and Release Group (secure) IRRG: Mission Critical Information Review updates as more information Classification: Classification: sgQa.elm� Classification: 41.EmInnr Classification: .gareler Classification: Sibeittrr Classification: eareeler. 4 (b)(3) (b)(3) (b)(1) (b)(3) (b)(3) (b)(3) (b)(3) (b)(3) Approved for Release: 2017/03/08 C06228932