41 comments

[ 2.7 ms ] story [ 68.9 ms ] thread
Mandatory relevant XKCD: http://xkcd.com/932/
I never understood that comic. You would think preventing traffic reaching a website would be harder than tearing down a poster.

edit: Wrong direction.

The point is that the "poster" (or website) is an irrelevance and "tearing it down" amounts to minor vandalism.
Hacking the NSA website is not hacking the NSA. Hacking a website is relatively easy and not that interesting to people who deal with servers day-to-day.
Right, see. When you say "Relatively easy" do you mean: "it is just subtly easier that compromising the NSA itself" or: "I'm surprised it doesn't happen every day"

because I think you meant the former.

I suspect the difference between hacking the NSA website and hacking the NSA's central computer system is more than subtle
Well, more to the point, it doesn't imply anything about the business end of the agency's systems being compromised. If you hacked into the actual CIA or NSA as in having similar access to an authenticated agent, that would be quite bad for them. Taking down their website is something they don't really care about.
The point isn't whether its easier or harder to deface a website. The point is that a public facing website is a more or less static advertisement for an organization (like a poster), thus taking it or even the server that hosts it down doesn't impact the operations of the organization in any meaningful way.
True. However, it's the what people hear part that is the goal. Hence, from a PR standpoint, it's quite effective.
The comic, while one of the more notable ones to me, dismissed the issue that the act is subversive, and that's what is important in the case of hackers taking down a website. Furthermore, it downplays the significance somewhat. Graffiti on the white house or pentagon would likely make it to the news.
> Graffiti on the white house or pentagon would likely make it to the news.

Still not in the same league. Tagging the white house or pentagon would mean breaching a secure perimeter, whereas this was probably just a minor inconvenience to a sysadmin somewhere for a couple of hours. Nobody would have to assure the public that the President's life was never in danger because someone took down the white house's website. Sneak close enough to touch the windows and survive and it's a different story.

It's back up.
It sure is. It's been down for hours.

    http://www.isitdownrightnow.com/nsa.gov.html
Funny thing is, outages for GitHub and its ilk hit HN in minutes. Either way, the transparency in the post-mortem is more valuable and telling than the outage. Organizations need to prove themselves with transparency to build and earn trust.

Yet, one of these things is not like the other.

The public nsa.gov site is just another government website. It's not like they're running it out of one of their secret data centers.
it's a decoy.

or it might be a decoy decoy... =)

I don't mean to be inflammatory but what's the purpose of HN postings regarding sites being down?

I've never actually been to nsa.gov and would have never known it was down. I'm sure most of the readers are in the same boat.

Even if I did access the site on a regular basis, I'd realize it was down and come back later when it might be back up.

Sometimes my favorite coffee shop is closed. I don't walk around the neighborhood carrying a poster stating that fact.

I've just never understood the purpose of these postings. "facebook" is down, "netflix" is down, etc. It doesn't actually accomplish anything.

Well for the NSA it could be related to the most recent news (maybe its a DDOS by the Germans?!), thus its 'breaking news' about a hot story a lot of HN readers are interested in.

For the other sites, its very rare they go down and its the best and brightest working to keep them up so if they went down the reason why is probably something that would interest the whole community.

"maybe its a DDOS by the Germans?!"

That would be newsworthy however no evidence of this was presented. It was simply "this thing is down now".

If a large site goes down, I would like to know what happened. I'd be interested to learn from the mistakes of others.

This isn't the case with this posting or others like it.

Posts of this ilk rarely have any more information than I could have received from a curl command.

I get your point but perhaps theres a sys admin monitoring a DNS server somewhere and realizes theres a bunch of unusual traffic then on his break he checks HN and realizes the NSA site is down, he then does a little investigation and wolla he connects the dots and has something he can teach the rest of us. It's collective intelligence if you will :-)
It's exciting for people. To them it's news, not a call for discussion.
For some reason more people than normal have been hitting my redirect in the last couple days. http://stats.itanimulli.com I dont think 20k could bring down the nsa, but its still strange.
Word on the street is that it's supposed to be back up and working smoothly by late November.
It's www.NSA.gov NOT NSA.gov.

www.NSA.gov IS up, at least for me.

Edit: I just talked with my American friend and it apparently really is down for them. It works for me up in Canada, though, at 23.6.100.226.

and I get this:

Invalid URL The requested URL "/", is invalid.

Reference #9.c0b31bb8.1382761672.701091f

Yeah, you have to have 'Host: www.nsa.gov' in your request.

$ telnet 23.6.100.226 80

GET / HTTP/1.1

Host: www.nsa.gov

[press Enter twice]

Or you can add www.nsa.gov with that IP to your hosts file, if you reallllly need access to it.

right www.nsa.gov is up, but nsa.gov is not.

How is that even possible? Shouldn't browser fill in www anyway?

Only as a fallback if nsa.gov doesn't resolve. In this case, nsa.gov and www.nsa.gov resolve to different ip addresses. domain.com and www.domain.com are not the same thing. One is usually configured to redirect to the other, and DNS is often the same, but it doesn't have to be.
No. The browser might fall back to www.nsa.gov if it's cached, but if you were to clear out that site from your cache, it'll keep trying to look up nsa.gov.
Some people don't know how to configure DNS.
nsa.gov and www.nsa.gov are two different hosts as far as DNS is concerned. They can and often do point to different places. This is a good example. www.nsa.gov is an alias to Akamai (a large CDN), and nsa.gov points directly to an NSA owned machine (because for technical reasons you can't have an alias or CNAME at the zone apex), people usually configure these machines to redirect to the www hostname.

Browsers should never "fill in" www, because as I pointed out, www might be a completely different host or service.

This is nice to know (and to everyone who have answered me so far), thanks!

I always think www.domain.com resolves to one of the ips and domain.com should too. Thanks!

I think the person making that many requests really needs access to it.
That reference # is a sign that it's hosted on Akamai.

  $ dnsname 23.6.100.226
  a23-6-100-226.deploy.static.akamaitechnologies.com
Maybe it's for temporary maintenance as they ready the public for exciting and scandalous new wiretapping targets.