Cyber Incident Victim: Project on Crowdsourced Imagery Analysis
Date:
Sep 2016
Location:
United States of America
Summary
A distributed denial-of-service (DDoS) attack disrupted servers supporting a nonprofit project focused on crowdsourced analysis of satellite imagery related to nuclear test sites and facilities worldwide. The attack forced the temporary takedown of its geospatial database, which hosted imagery of sensitive locations including nuclear test bases in multiple countries. Service interruptions prevented satellite images from loading on the project's website, though no data was lost. The incident occurred shortly before a significant nuclear test at one of the monitored sites, raising suspicions about the timing. Project officials confirmed the disruption originated from an external cyberattack rather than internal technical issues. The targeted database included imagery from nuclear facilities in North Korea, Russia, Iran, and Myanmar.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 7, 2016, the Project on Crowdsourced Imagery Analysis (PCIA), operated by the Middlebury Institute of International Studies and accessible via geo4nonpro.org, experienced a distributed denial-of-service (DDoS) attack targeting its geoserver infrastructure. This server hosted a critical database of satellite imagery documenting nuclear test sites and related facilities across multiple countries, including North Korea’s Punggye-ri base, Russia’s Novaya Zemlya, and locations in Iran and Myanmar. The attack disrupted access to the geoserver, compelling PCIA administrators to proactively take the system offline to mitigate the disruption. PCIA officials confirmed the incident was an external cyberattack rather than an internal technical failure, though they refrained from attributing blame to any specific entity. The timing coincided with heightened geopolitical tensions, occurring just two days before North Korea conducted a 10-kiloton nuclear test at Punggye-ri on September 9, 2016—a site actively monitored and indexed by PCIA’s platform.
The immediate impact of the attack included the prolonged downtime of the geoserver, rendering satellite imagery inaccessible across PCIA’s website despite the main site remaining operational. This impaired the project’s core function of enabling crowdsourced analysis of changes in nuclear facilities through volunteer-contributed data. PCIA emphasized no data loss occurred due to the incident, describing their response as a precautionary measure to safeguard infrastructure. The organization sourced its imagery from commercial telecommunications providers and relied on public analysts to detect alterations in infrastructure, making service continuity vital for monitoring active sites. While North Korea’s nuclear test timing raised suspicions, PCIA noted its recent addition of Russian nuclear site imagery ten days prior to the attack, leaving multiple potential motivations unresolved. Restoration efforts and forensic analysis details were not disclosed, but the project maintained public communication via its Twitter account, @geo4nonpro, to confirm the attack’s external origin and operational status.