Digital Media Center
Bryant-Denny Stadium, Gate 61
920 Paul Bryant Drive
Tuscaloosa, AL 35487-0370
(800) 654-4262

© 2024 Alabama Public Radio
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Some Alabama websites hit by 'denial-of-service' computer attack


Some Alabama state government websites have been hit by a denial-of-service (DoS) attack.

The Cybersecurity and Infrastructure Security Agency (CISA) reports this type of attack occurs when legitimate users are unable to access information systems, devices or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking) or other services that rely on the affected computer or network.

In other words, DoS cyberattacks involves flooding a site with junk data to try and overwhelm it and knock it offline.

The CISA says a denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.

Gov. Kay Ivey's office said the attack began Tuesday afternoon on March 12, but she stressed that “there was no breach, and the state’s computers and information have not been accessed.”

The state's Office of Information Technology is working to mitigate the attack, the governor’s office said. Some state websites might be temporarily slow as that work continues, the governor's office said.

The CISA reports there are different methods for carrying out a DoS attack:

  • Smurf Attack: the attacker sends Internet Control Message Protocol broadcast packets to a number of hosts with a spoofed source Internet Protocol (IP) address that belongs to the target machine. The recipients of these spoofed packets will then respond, and the targeted host will be flooded with those responses.
  • YN flood: occurs when an attacker sends a request to connect to the target server but does not complete the connection through what is known as a three-way handshake—a method used in a Transmission Control Protocol (TCP)/IP network to create a connection between a local host/client and server. The incomplete handshake leaves the connected port in an occupied status and unavailable for further requests. An attacker will continue to send requests, saturating all open ports, so that legitimate users cannot connect.

More on denial-of-service attacks can be found here.

The Associated Press is one of the largest and most trusted sources of independent newsgathering, supplying a steady stream of news to its members, international subscribers and commercial customers. AP is neither privately owned nor government-funded; instead, it's a not-for-profit news cooperative owned by its American newspaper and broadcast members.
Baillee Majors is the Morning Edition host and a reporter at Alabama Public Radio.
News from Alabama Public Radio is a public service in association with the University of Alabama. We depend on your help to keep our programming on the air and online. Please consider supporting the news you rely on with a donation today. Every contribution, no matter the size, propels our vital coverage. Thank you.