SoylentNews is people

posted by martyb on Tuesday March 22 2016, @04:47AM
from the commence-speculation dept.

Last week, several major eCommerce sites in Switzerland were targeted by DDoS attacks (German). As far as I have been able to discover, no one knows who was behind the attacks[*]. One might have thought the attackers would identify themselves and demand ransom to stop the attacks, but apparently not. Anyhow, I should hope that no company would be stupid enough to pay, since that would just put them on the list of "suckers" to be targeted again.

This past weekend, it was Swedish government sites, among others.

Today, I have come across two sites that I cannot reach: dilbert.com and an EU governmental site about a minor software project. Dilbert is definitely the target of a DDoS attack; I cannot confirm this for the .eu site, but it seems likely.

Here are a few random thoughts from a non-expert:

- Why would anyone bother with attacks, without claiming credit or demanding ransom? The same reason kids throw rocks through windows? Showing off capability for potential paying customers? Something else?

- If the second (demonstrating capability), isn't this stupid? They've provided ample motivation to disable these attacks, or at least seriously filter them, thus reducing their impact in future attacks.

- The current DDoS attacks are apparently NTP-reflection attacks (send spoofed queries to vulnerable NTP servers, which then reply to the victim), and similar DNS-based attacks. Is it possible to eliminate these attack vectors, just as Poodle and Heartbleed have been largely eliminated? I.e., issue patches, offer free tests, even blacklist noncompliant servers? Or are the affected protocols so broken that this is not possible?

The whole situation is strange - it seems like there are a lot of missing pieces to the puzzle. I'd be interested in hearing opinions from other Soylentils - what do you think?

[* My German is rusty, but the first-linked story references the "Armada Collective". -Ed.]
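
The reflection mechanism described in the submission (spoofed queries to NTP or DNS servers, replies landing on the victim) leaves a recognizable trace on the victim side: UDP replies from source port 123 or 53 that match no query the host ever sent. The following is an added example, not part of the original submission or comments, that flags this pattern in flow records; the record format, sample data and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (documentation addresses, not real traffic), oldest first:
# direction proto src_ip src_port dst_ip dst_port bytes
SAMPLE_FLOWS = """\
out udp 203.0.113.10 40000 198.51.100.5 123 76
in udp 198.51.100.5 123 203.0.113.10 40000 76
in udp 192.0.2.11 123 203.0.113.10 51515 468
in udp 192.0.2.12 123 203.0.113.10 51515 468
in udp 192.0.2.13 123 203.0.113.10 51515 468
in udp 192.0.2.11 123 203.0.113.10 51515 468
in udp 192.0.2.21 53 203.0.113.10 33333 3000
in udp 192.0.2.22 53 203.0.113.10 33333 3000
in tcp 192.0.2.30 443 203.0.113.10 50000 1500
"""

REFLECTOR_PORTS = {123: "ntp", 53: "dns"}  # services named in the submission

def find_reflection(flow_text, min_sources=3):
    """Summarise unsolicited NTP/DNS replies per (victim_ip, service)."""
    asked = set()  # 4-tuples of queries the local host really sent
    hits = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 7 or parts[1] != "udp":
            continue  # malformed record or not UDP
        direction, _, src, sport, dst, dport, size = parts
        sport, dport, size = int(sport), int(dport), int(size)
        if direction == "out" and dport in REFLECTOR_PORTS:
            asked.add((src, sport, dst, dport))
        elif direction == "in" and sport in REFLECTOR_PORTS:
            if (dst, dport, src, sport) in asked:
                continue  # answer to our own query: normal traffic
            entry = hits[(dst, REFLECTOR_PORTS[sport])]
            entry["sources"].add(src)
            entry["bytes"] += size
    # Many distinct servers answering questions nobody asked is the signature
    return {key: {"sources": len(v["sources"]), "bytes": v["bytes"]}
            for key, v in hits.items() if len(v["sources"]) >= min_sources}

if __name__ == "__main__":
    for (victim, service), stats in find_reflection(SAMPLE_FLOWS).items():
        print(victim, service, stats)
```

The matching relies on records being in time order, so a legitimate query is seen before its reply.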


  • (Score: 3, Interesting) by looorg (578) on Tuesday March 22 2016, @07:47AM (#321456)

    From what I can gather from the articles about the DDOS attack in Sweden it seems to mostly be various newspapers that got taken out, possibly also then other companies that are unfortunate to have the same hosting companies. From the historical perspective this has happened before and has usually been in relation to some perceived slight versus the Pirate Bay or the Julian Assange case. This time they initially screamed it was the Russians (Sweden has a historical bogeyman fetish vs Russia. It does seem a lot of the hijacked computers were from Russia, which of course means nothing really - if it was a Russian sponsored cyberattack they sure did pick weird targets and didn't cover their tracks very well). After that it seems to have been a DDOS-response to the outing in media of various users for some "alternative media" (read right wing and/or xenophobes depending on your perspective) sites such as www.avpixlat.se, www.friatider.se and part of some old user database for the webforum www.flashback.se. But from what I know that wasn't exactly something that happened recently so it was quite a delay in response then.

    The status now seems to be media and government in unison saying it's an attack on freedom, free-speech and all that is wonderful in life; like some "news" site being down for a few hours was a threat to the nation. Various government agencies seem to be trying to pawn the case off on each other, probably cause they know what a turd it is and it will be a nightmare to investigate and it won't amount to anything. The interesting thing is that if you look at the homepages of the various news sites that were hit none of them are frontpage newsing the attack anymore - yesterday's news already.

    It's a bit odd tho that all these media companies and newspapers are private and commercial entities that all make tons of money but I guess they don't want to invest any of it in server security, instead they go for the old 'attack on free speech' and want the government to somehow bail them out.

  • (Score: 2) by mth (2848) on Tuesday March 22 2016, @09:37AM (#321492)

    > It's a bit odd tho that all these media companies and newspapers are private and commercial entities that all make tons of money but I guess they don't want to invest any of it in server security, instead they go for the old 'attack on free speech' and want the government to somehow bail them out.

    Newspapers making tons of money? Most are struggling with paper subscriptions going down and unable to make much money online.

    • (Score: 2) by looorg (578) on Tuesday March 22 2016, @10:49AM (#321525)

      If this had been a few small and independent city newspapers I might have agreed. But these are more or less the largest newspapers in the country. Add to that that most of these papers are owned by one of the two Scandinavian newspaper/media monopoly/giants Bonniers or Schibsted. They are not poor. They are making money hand over fist.

  • (Score: 0) by Anonymous Coward on Tuesday March 22 2016, @10:14AM (#321506)

    Also I suspect the newspapers are after government money to "improve their infrastructure", at least from the articles they wrote.
    Mostly they have nobody but themselves to blame for having huge, image-heavy, bloated websites.
    If they just had a simple text-only static website I doubt it would have been all that hard to withstand (admittedly it helps less/you'd need to be able to redirect to AWS or similar if it's an amplification based attack).

    • (Score: 3, Informative) by mth (2848) on Tuesday March 22 2016, @10:36AM (#321521)

      The summary claims they are being hit by a flood of UDP packets, not HTTP requests. While I don't like bloated website designs either, I don't think you can blame those in this case.