Cyber Incident Victim: Minnesota Judicial Branch
Date: Dec 2015
Location: United States of America
Summary
The Minnesota Judicial Court's website experienced a series of DDoS attacks that caused extended downtime. The attacks initially disrupted services for a day, and a subsequent attack then prompted IT staff to proactively take the site offline for ten days to implement enhanced security measures. Attackers monitored the site's availability during the outage, attempting further disruptions, but no data breach occurred. Internal network access remained functional, and alternative resources were provided to users. Upon restoration, another DDoS attack ensued, with traffic originating primarily from Canada and Asia. As part of its mitigation efforts, the court continued to restrict access from certain regions after the incident.
Description
The Minnesota Judicial Branch experienced significant disruptions to its public-facing website (mncourts.gov) in December 2015 due to distributed denial-of-service (DDoS) attacks. The first recorded attack occurred on December 8, causing immediate website downtime. Judicial Branch IT staff restored service following this initial incident. A second, more sustained attack began on December 21, prompting IT personnel to deliberately keep the website offline while implementing enhanced security measures. This proactive takedown lasted ten days, with full public access restored on December 31. During this extended outage period, attackers continuously monitored the site's status in apparent preparation for additional attacks. Internal network access to court systems remained operational throughout the incident, allowing judicial staff to maintain critical functions. Public users seeking court documents were redirected to alternative resources such as the Minnesota State Law Library website, with communications director Beau Berentson providing guidance via Twitter.

The prolonged outage represented a deliberate containment strategy by Judicial Branch IT teams, who used the downtime to upgrade server infrastructure and deploy more robust DDoS mitigation systems. Upon reactivating public access on December 31, administrators immediately detected another DDoS attempt, though the new defenses prevented extended disruption. Forensic analysis traced most attacking IP addresses to sources in Canada and various Asian countries. No evidence indicated any data breaches or unauthorized access to sensitive information during the attacks. As a lasting protective measure, the Judicial Branch implemented geographical access restrictions that continued to block website availability from certain regions post-recovery. The incident coincided with a broader wave of DDoS activity across multiple sectors in December 2015, though attribution specifics for the Minnesota court system attacks remained undisclosed by authorities.
