Roberto Preatoni (SyS64738)
As reported on Michelle Malkin's weblog ( http://michellemalkin.com/archives/005092.htm ), a denial of service attack has downed several American political blogs, most of them hosted by the company Hosting Matters. The (partial?) list of the attacked blogs is:
Instapundit
Power Line
Captain's Quarters
Pundit Guy
Chuck Simmins
Small Dead Animals
Radioblogger
Hugh Hewitt
IMAO
Mountaineer Musings
Say Uncle
Counterterrorism Blog
Anti-Idiotarian Rottweiler
Castle Arggh!
She Who Will Be Obeyed
Michael Totten
Ticklish Ears
Samizdata
Theodore's World
Patterico
Florida Cracker
Jeff Quinton
Overlawyered
Blogs4Bush
Sondra K
It is not clear, though, whether the attack was specifically directed at ALL these blogs or whether they all suffered from a single attack directed at one specific blog, since they are hosted on the same servers (Hosting Matters).
Hosting Matters investigated (a bit) the origin of the attack and posted on its helpdesk forum:
*****************************
"Well, we know who the target is, and we know where the likely source of the attack originates...and I sincerely doubt that country's leadership has the least bit of concern for extraditing over something like this
Stacy - Hosting Matters, Inc."
*****************************
The statement is explained by the fact that the investigation into the origin of the DoS led to a machine located in Saudi Arabia:
*****************************
"The primary source appears to be Saudi Arabia. However, the nature of DOS attacks is that they originate from any number of places, via machines that are zombied, trojaned, or otherwise compromised.
Annette - Hosting Matters, Inc."
*****************************
And later on, the same Hosting Matters employee played down the problem, stating:
*****************************
"It doesn't really happen more often here than anywhere else, all things considered. I recall one NOC where they had a DOS of the week going on for close to six months. The target of this attack is not a high profile site, is not very well known outside of their own little circle, and otherwise is unremarkable. However, they've managed to irritate someone badly enough to have their site hacked twice and now they've generated this. So, as with anything that negatively affects every other client, we make adjustments. In this case, it means sending them out of the network so as not to impact anyone else.
Regarding the initial question: neither our own authorities (based on our experience with investigations of DOS attacks and other types of attacks) nor those in the country of origination are going to care about this enough to do anything about it. It's a sad fact of life.
Annette - Hosting Matters, Inc."
*****************************
Dangerous cyberterrorists, restless cyberjihadists or simply annoyed Muslim script kiddies who discovered the power of the Internet? Zone-H's opinion is the latter and... yes, we can even give some technical explanation in support of it.
When a DDoS happens (oh yeah, we know a lot about it, ouch!), the target generally gets hit by a lot of zombified machines that use their bandwidth to send a lot of packets in order to saturate the target's bandwidth with junk traffic. The true DosLords usually hide the originating IP address by spoofing it with random IPs. This makes it impossible (or truly, truly hard) to trace back the machines originating the attack in just a matter of hours. A well-planned DDoS attack using spoofed IP addresses can last even several months before all the attacking machines get identified and disabled. To give you an idea, there is more chance of an attacking machine getting disabled by its legitimate administrator for service reasons (patching, crashing etc.) than of it being identified as a source of a DoS attack.
On the other side, script kiddies - the lowest form of crackers - usually create botnets (the networks of zombified machines to be used in the DDoS attack) using automatic tools or self-replicating programs that randomly scan the Internet looking for targets. Most of the time script kiddies are not even aware of the proper configuration of such tools and often forget to set the botnet's option to launch a spoofed attack, leaving the attacking machines sending packets with their original IP addresses.
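The difference between the two cases shows up in the victim's own packet logs. The following is an added example, not part of the original article: a triage check over a list of source addresses, where the bogon list, the thresholds and both sample data sets are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import Counter

# Address space that never appears as a legitimate source on the public Internet.
# The RFC 5737 documentation ranges are left out on purpose so the constructed
# sample below can use them as stand-ins for real bot addresses.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def spoof_indicators(src_ips):
    """Return (share of packets with a bogon source, mean packets per distinct source)."""
    if not src_ips:
        return 0.0, 0.0
    counts = Counter(ipaddress.ip_address(ip) for ip in src_ips)
    bogon_pkts = sum(n for ip, n in counts.items()
                     if any(ip in net for net in BOGONS))
    total = sum(counts.values())
    return bogon_pkts / total, total / len(counts)

def classify(src_ips, bogon_min=0.05, repeat_min=5.0):
    """Assumed thresholds: uniform random spoofing puts ~14% of sources in BOGONS."""
    bogon_share, pkts_per_src = spoof_indicators(src_ips)
    if bogon_share >= bogon_min and pkts_per_src < repeat_min:
        return "likely spoofed"        # random sources: many bogons, almost no repeats
    if bogon_share < bogon_min and pkts_per_src >= repeat_min:
        return "likely real sources"   # few hosts, each sending many packets
    return "inconclusive"

def sample_spoofed(n=2000, seed=1):
    """Constructed sample: every packet carries a uniformly random 32-bit source."""
    rng = random.Random(seed)
    return [str(ipaddress.ip_address(rng.getrandbits(32))) for _ in range(n)]

def sample_unspoofed(bots=40, pkts_each=50):
    """Constructed sample: a small botnet sending from its own addresses."""
    return [f"198.51.100.{i}" for i in range(1, bots + 1) for _ in range(pkts_each)]

if __name__ == "__main__":
    for name, sample in (("spoofed", sample_spoofed()), ("unspoofed", sample_unspoofed())):
        share, rate = spoof_indicators(sample)
        print(f"{name}: bogon share {share:.3f}, packets/source {rate:.1f} -> {classify(sample)}")
```

Both indicators are triage hints only: a source list that classifies as real still names compromised machines, not the person controlling them.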
Michelle Malkin (whose work I really appreciate) stated on her blog:
"I hope that federal law enforcement officials and counterterrorism agents are on the case. This is a serious criminal attack on the blogosphere, free speech, and Internet commerce."
No Michelle, these aren't cyberterrorists, and this is not an attack against free speech. This is probably a single annoyed Muslim script kiddie, most probably a teenager, who discovered the power of the Internet. It could even be an American Muslim script kiddie, as the fact that ONE of the attacking machines is located in Saudi Arabia means nothing: attacking machines are chosen by automatic scans and don't usually have to reside in the same country as the attacker.
It could even be a Christian, maybe the pissed-off husband of a wife who is having an affair with one of the bloggers...
Over the last couple of years Zone-H has witnessed the development of the Digital Ummah (Digital Islamic Nation); more serious and truly coordinated attacks have happened on the digital level, the latest being the Prophet Mohammed cartoons protest.
But well, we don't have to worry, soon everything will be normal, as we can read on one of the downed blogs ( http://www.imao.us/ ):
"DoS attack on Hosting Matters took IMAO down and a number of other political blogs. Michelle Malkin has the details (she always has the details first; hmm...). What's the point of these attacks? We're down a couple hours, and then we're just angrier. Anyway, make sure to tell everyone you know to visit IMAO and buy lots of merchandise; it's the only way to show the terrorists you won't be intimidated."
As you see Michelle, it will be business as usual...