Indiana's website taken out by DDoS in response to 'religious freedom' law

The state's website was up and down for most of the early afternoon on Friday

Indianapolis 148492252

  

Credit: Thinkstock

Update: An Indiana business has been targeted for their public support of this law. That story can be found here.

The state of Indiana is having a bad week. First, Governor Mike Pence signed a controversial "religious freedom" bill into law; earning the state a black eye for taking step backwards on civil rights.

Now, twenty-four hours later, the state's website was knocked offline by a group taking up another person's protest against Religious Freedom Restoration Act.

The group responsible for taking IN.gov offline has targeted 34 other state, local, tribal, and territorial government websites this month. Going by the name @YourVikingdom on Twitter, the group targeted Indiana's website after another user suggested that a campaign against the state be mounted in response to recently enacted discriminatory law.

Senate Bill 101, also known as the Religious Freedom Restoration Act, was surrounded by controversy in the days leading up to its signing. Businesses and organizations on both sides of the debate, including religious groups such as The Christian Church (Disciples of Christ) urged Gov. Pence to veto the bill.

The problem most people have with the new law is that it opens the door for business owners to deny services to the LGBT community for religious reasons. The law, said to be nothing short of legalized discrimination, has caused business leaders to react, including Salesforce CEO Marc Benioff, who stated that employees and customers would no longer be sent to Indiana.

Salesforce bought ExactTarget, an Indiana-based marketing software company, for $2.5B in 2013.

"Today we are canceling all programs that require our customers/employees to travel to Indiana to face discrimination," Benioff said via Twitter.

There's no way to prove it, but the DDoS attack against Indiana's primary website might have been avoided.

The group responsible has no real purpose. Despite their outlandish claims, the reality is they attack vulnerable infrastructures – or low-hanging fruit as it were – for fun. There is no cause for them to support, just their own amusement.

All of their victims, especially the government websites, have little to no anti-DDoS protection. Indiana is no different.

Yet, because of the backlash against Indiana over the 'religious freedom' law, @YourVikingdom took notice and flooded the website with traffic to the point that it collapsed. The site was able to recover, but the damage had already been done.

Then again, the 'religious freedom' law might have been nothing more than an excuse. As low-hanging fruit, Indiana's servers were always a possible target, especially given the established pattern set by @YourVikingdom.

Indiana's website was offline at 2:00p.m. EST, and recovered 45 minutes later, but remained sluggish for another half-hour while the Indiana Office of Technology worked to resolve the issue.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.