It’s because the media both have zero concept of what a cyber attack is, but they really, really like them.

They are absolutely dying to tell everyone ‘The Hacker Group Anonymous hacked the Kremlin today and took down their Tourism website for 13 minutes’

Most of the time it’s something super simple like a DDOS attack, not a real attack or ‘hack’ of any kind

The media loves that shit because they know their audience doesn’t get it either and thinks its cool.

>Is the website being down just a public facing indication of more bigger things going on behind the scenes, like files being inaccessible for internal users?

Bang on the money with that one. You might not use the Dept. Of Energy’s site regularly, but there are people who do, and not just the page you first land on, but pages only accessible to those who really need them.

Accessibility of the site to other people usually isn’t the point of an attack. If they can get into the system, they are often able to gain information not accessible with normal usage. For a bank, that could be account numbers of the customers. For the department of Energy, it could be schematics for power stations or lines. Like you suggested, they could also lock out other peoples access so they can’t update things that may need constant adjustment

It depends. Usually the goal is to disrupt service, which is less about making life difficult for the end user and more about causing trouble for the owner of the server. The reason for disrupting service can be as simple as wanting to make providing that service impossible, or it can be a red herring while the hackers do more damage, such as accessing files or stealing money.

> It seems to me that taking down a website is a pretty small move …

Sure, that’s true. The Ministry of X doesn’t do its work in an Internet facing system, unless they are idiots. The point is the optics, it looks bad. If you are an important government ministry and you can’t even keep your web site up, it reduces confidence that you can really do your job, it reduces confidence that the government is able to do its work overall. That image problem is what attackers are trying to cause. AND the news media loves this sort of thing, so they amplify your image attack.

A network breach is embarrassing and can cause the value of a company to go down, by impacting trust. If the breach can be kept in house then that’s what most companies will do if the breach is public they need to address it.

Websites are public.

Because it’s the easiest, most verifiable version of the story. To know if there are any backend server issues would require internal knowledge (e.g. from a sysadmin).

To your other point, a website being down is not always an indication of other issues, behind the scenes. The publicly facing website of a government department will often have a different hosting solution to wherever their important data is stored.