State

Minnesota IT officials respond to weekend DDoS attacks against state systems

Officials did not say if the incident was explicitly linked to protests over the police killing of George Floyd.

June 1, 2020

Minneapolis residents protest the police killing of George Floyd. (Fibonnaci Blue / Flickr)

Minnesota technology officials said Sunday that the state’s networks were inundated over the weekend by malicious attempts to knock government agencies offline, though those efforts were successfully repelled.

In a statement Sunday, Tarek Tomes, Minnesota’s chief information officer and the head of Minnesota IT Services, said the attempted DDoS attacks had not disrupted government operations.

“MNIT’s Security Operations Center is defending against distributed denial-of-service (DDOS) cyber-attacks aimed at overloading state information systems and networks to tip them offline,” the statement read. “Keeping our communications systems secure during times of crisis is critical to protecting the Minnesotans that we serve, and we work to meet the challenging and evolving threat to those systems every day. At this time, these attacks have not successfully disrupted the state services that Minnesotans depend upon, and MNIT is working in close coordination with partners at the Department of Public Safety and with the federal government to share intelligence and stay proactive on cyber threats.”

Officials have not said if the DDoS attempts were linked to the reaction to the May 25 death of George Floyd, an unarmed black man who was killed while in custody of the Minneapolis Police Department in a videotaped incident that has sparked protests and violent clashes with law enforcement nationwide.

The City of Minneapolis, including its police department, was also the target of a DDoS attack last Thursday, which temporarily disabled some websites with an overwhelming surge of traffic, though city officials told StateScoop they were able to repel the attack within a few hours.

Initially, Gov. Tim Walz said Sunday of the DDoS attempts against state systems that “a very sophisticated denial of service attack on all state computers was executed” Saturday night.

The governor’s description, though, may be overblown. While sometimes briefly successful in crippling a government agency from connecting with its constituents online, DDoS attacks are one of the more basic forms of cyberattacks, and can be easily launched with ready-made software — often called a “booter” or “stresser” — purchased on illicit hacker forums. According to website security firm Cloudflare, booters can be purchased for as little as $19.99 in cryptocurrency.