July 20, 2016
The US Congress has just recovered after a three-day DDoS attack that has crippled its online portal congress.gov, along with adjacent sites such as the US Library of Congress (loc.gov) and the US Copyright Office (coypright.gov).
The attack started on Sunday evening, July 17, and initially targeted the Library of Congress website, affecting the same server infrastructure on which the other two websites were also hosted.
Despite initial defensive measures, the attack slowly escalated in the following days and continued to cause trouble for government officials and site visitors until five hours before this article’s publishing date.
At the time of writing, all three websites are up and running. No other government portals appear to have been affected following a quick inspection.
A US Library of Congress spokesperson said the DDoS flood involved some kind of “DNS attack.”
While not officially confirmed, leveraging our technical expertise, we can presume this was a DNS reflection DDoS attack, one of the most prevalent types of DDoS attacks seen today.