The Web site for the organization that has come to symbolize security on the Web was itself hit with a distributed denial-of-service (DDOS) attack Tuesday and Wednesday.
The CERT Coordination Center Web site at Carnegie Mellon University in Pittsburgh has been experiencing availability problems since the attack was launched at about 11:30 a.m. EDT Tuesday.
The attack has meant disruptions to the Web site but hasn't knocked CERT out completely, said Ian Finlay, CERT's Internet security analyst. "None of our data has been compromised by this attack, and we are still in business," Finlay said.
Officials at CERT wouldn't elaborate on what steps are being taken to investigate the attack or to find those responsible, except to say, "We are taking steps to make services available, and we are in touch with various organizations, including Internet service providers, to help us investigate and resolve the attack."
Visitors to the Web site found that much of its functionality remained intact. Even so, CERT posted a warning that problems might occur.
According to a statement released by CERT Wednesday morning, attacks against the site are common.
"We get attacked every day," said Richard D. Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute, which includes CERT. "This is just another attack. The lesson to be learned here is that no one is immune to these kinds of attacks. They cause operational problems, and it takes time to deal with them."
A CERT official later added in a telephone interview that there has never been an attack this disruptive before.
CERT has asked that for nonemergency communications, people continue to send email to firstname.lastname@example.org. For emergencies, it's best to call the CERT Coordination Center hotline (412-268-7090) or send a fax (412-268-6989).
CERT is a major reporting center for Internet security problems. Staff members provide technical assistance and coordinate responses to security compromises, identify trends in intruder activity, work with other security experts to identify solutions to security problems and disseminate information to the community.
CERT also analyzes product vulnerabilities, publishes technical documents and presents training courses.