Cyber Incident Victim: Indiana State Government
Date:
Mar 2015
Location:
United States of America
Summary
A hacker group known as @YourVikingdomon executed a DDoS attack against Indiana's government website, causing it to go offline for approximately 45 minutes. The attack coincided with widespread protests against the state's newly enacted Religious Freedom Restoration Act, which critics argued legalized discrimination against the LGBT community by allowing businesses to deny services based on religious grounds. While the attackers referenced the controversial law as motivation, security analysts indicated the group primarily targeted poorly protected government websites for entertainment, exploiting their lack of DDoS mitigation measures. The incident drew attention to corporate backlash against the legislation, including Salesforce canceling Indiana-based programs. The state restored website functionality, and the hacker group's Twitter account was subsequently suspended.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 27, 2015, Indiana’s state website (in.gov) became inaccessible following a distributed denial-of-service (DDoS) attack attributed to the hacking group @YourVikingdomon. The attack occurred shortly after Governor Mike Pence signed Senate Bill 101, the Religious Freedom Restoration Act, into law—legislation widely criticized for enabling discrimination against LGBT individuals. The group, which had previously disrupted 34 other government websites that month, targeted Indiana’s infrastructure after online discussions urged protests against the law. Attackers overwhelmed the site with traffic, causing it to go offline at approximately 2:00 p.m. EST. The Indiana Office of Technology investigated the outage, which lasted 45 minutes before partial restoration, though performance issues persisted afterward. The group exploited the website’s lack of DDoS protection, a vulnerability consistent with their pattern of targeting poorly defended government systems. While the timing suggested a political motive, reports indicated the attackers primarily sought entertainment rather than ideological alignment with the anti-SB101 movement.
The incident amplified existing backlash against SB101, which had already drawn condemnation from businesses and advocacy groups. Salesforce CEO Marc Benioff announced a halt to employee travel and customer programs in Indiana, impacting operations of ExactTarget—an Indiana-based subsidiary acquired for $2.5 billion in 2013. Public scrutiny intensified as media coverage linked the website’s downtime to broader criticisms of the law’s discriminatory implications. By the time services were fully restored, @YourVikingdomon’s Twitter account had been suspended. No data breaches or permanent system damage occurred, but the attack underscored the state’s inadequate cybersecurity defenses. The disruption remained confined to the primary state domain, with no evidence of secondary system compromises or expanded targeting beyond the initial DDoS strike.