9 INVESTIGATES: International hacking group attacks Charlotte websites during riots

by: Joe Bruno

CHARLOTTE, N.C. - As Charlotte leaders were trying to control September's violent protests, an international hacking group was trying to prevent them from having access to online resources.

The attack was uncovered after the group anonymously called Eyewitness News reporter Joe Bruno.

Cyber attackers successfully took down Charlotte's website during one of the most chaotic nights in the city's recent history.

"It is not easy. It requires a lot of resources," UNC Charlotte professor Muhammad Shehab said of the attacks.

According to Shehab, Charlotte fell victim to what's known as a "denial of service" attack.

A hacking group used bots to excessively request the city's website.

On the second night of the protests, the city said its site, charlottenc.gov, received around 20,000 clicks per second.

Normal traffic is 1 percent of that. 

"They flood the server with requests. When they flood the server with requests, the service runs out of resources," Shehab said.

According to Homeland Security, during a denial-of-service attack, attackers may be able to prevent access to email, online accounts and other restricted information.

Security expert Walter Kimble said cyber-attacks are becoming more common across the nation.

"We need to keep our guard up," Kimble said. "They are very unnerving when they occur because they undermine the portion of our availability our government to function."

An international hacking group called New World Hacking took responsibility for the attack on Charlotte's site.

New World Hacking has taken credit for taking down major websites in the past including ESPN, Twitter and Netflix. 

The group claimed to have access to personal information of city employees, but a spokesperson for the city said there was no data breach.

 

City of Charlotte responds

 

In response to questions from Channel 9, the city of Charlotte released a lengthy statement detailing its encounters with New World Hacking.

"The City of Charlotte’s website, www.charlottenc.gov, was unavailable to users during the early morning hours of Sept. 22, 2016," city spokesperson Jordan-Ashely Walker said. "At no time during the event was the City’s website hacked, nor was any private information compromised."

Walker acknowledges Charlottenc.gov experienced a denial-of-service attack.

"This resulted in an error message or a slow response when users attempted to access the site," she said.

According to Walker, the city has enhanced its security systems to prevent similar attacks. Walker also denies the hacking group's claims that it obtained personal information and emails of city employees.

IT staffers were forced to work around the clock because the attack disrupted city services.

And as the world was watching havoc on Charlotte's streets, the city's main source of information wasn't functioning.

"I think it has the potential to get worse," Kimble said. "We are at the point now where our local governments need to respond to the threat now so it doesn't get worse."

While the attack last fall wasn't crippling, city leaders said they recognize the threat and have enhanced security systems to prevent another denial-of-service attack.

They aren't discussing the new system so hackers can't figure out a way around it.

An interview request with New World Hacking wasn't returned. A tweet posted by the group claims the group is no longer functioning.

City of Charlotte releases timeline of events:

•   Sept. 20, 2016, at approximately 4 p.m. - Keith Scott shooting occurs

•   Sept. 20, 2016, at 8:20 p.m. - @NewWorldHackers claims to have taken down training.charlottenc.gov (this is an old site that no longer exists)

•   Sept. 20, 2016, at 9:20 p.m. - @NewWorldHackers claimed to have taken down charlottenc.net (charlottenc.net is not owned by the City)

•   Sept. 21, 2016, at 11:30 p.m. -

    •   City informed of potential issues with charlottenc.gov (slow to load, website loads incomplete)

    •   Charlotte Information and Technology security staff begin 24/7 operations mode

•   Sept. 22, 2016, at 12:11 a.m. - Charlottenc.gov website becomes increasingly unresponsive

•   Sept. 22, 2016, at 12:45 a.m. -

    •   Charlottenc.gov and associated websites are down; this was the only technology-related service impact

    •   I&T security staff determine this is a denial-of-service attack and begin enabling controls to mitigate this situation

    •   During this time, the website is receiving 2,000-30,000 web requests per second, which is substantially more web requests than normal (normal is around 200 web requests per second)

•   Sept. 22, 2016, at 3 a.m. - Charlottenc.gov starts to become responsive again, but slow, meaning the controls enabled by I&T security staff are effective at limiting the denial-of-service attack

•   Sept. 22, 2016, at 5 a.m. -

    •   Charlottenc.gov is responding normally, but still receiving more web requests than normal from the denial-of-service attack

    •   This activity continues for the next five days, but there are no further issues with site availability.

•   Sept. 23, 2016, at noon -

    •   On Twitter, @NewWorldHackers claims to have exploited a City of Charlotte site and stolen CMPD data.

    •   I&T security staff determine that no information was compromised.

•   Sept. 23, 2016, at 1 p.m. - On Twitter, @NewWorldHackers claims to have hacked City site and posts username/password. (Site was the event permits site and it allows anyone to create username/password; site was not hacked)

•   Oct. 1, 2016, to present - From a cyber-perspective, the event ends; normal operations resume