Sunday

DDoS Attack on CNN, cancelled or delayed? An overview.



Our story started on April 16th, when The Dark Visitor Blog warned us about a plan to DDoS CNN.com (see picture above):

Several Chinese hacker groups are calling for a DDOS attack on the CNN website to begin at 8:00pm on 19 April 2008. While only three websites have openly posted about this attack, my guess is that many more calls are going on behind closed doors. (Source: The Dark Visitor)

In the days that followed, the call got more attention and started to spread:

Second, many more Chinese sites, not just hacker, are starting to call for the DDOS attack on CNN. Also, they are starting to solidify their plans. Here are the details from one posting on the Guilin University of Electronic Technology bulletin board:

  1. Attack will start on 19 April 2008, at 8:00 pm
  2. DDOS attack on www.cnn.com
  3. The DDOS attack is going to last over three hours
  4. They need a large number of compromised computers to carry out the attack and are requesting everyone’s support in putting together the number needed

The plan has many more details but unfortunately the language is too technical for me to translate.

Here are additional sites calling for the attack on CNN.

(source: The Dark Visitor)

This was getting some press coverage. So, about a day before the planned attack, the organizers, identified as "Revenge of the Flame", tried to call off the attack in order to reschedule it in the near future:

The Chinese hacker group that has been organizing to attack CNN has been identified as the “Revenge of the Flame.” They recently released a statement calling off the DDoS attack on CNN; however, it may have come too late to stop some of its members from going after the site. (Source: The Dark Visitor)

And some guys could not wait until the 19th and went ahead with an attack. The guys from Arbornetworks did an analysis.


Destinations
www.cnn.com (one of the IPs for this DNS name)

Attacks in past 24 hours
36 attacks measured

Attacks by type
36 TCP SYN floods

Average and max attack duration
330 seconds average (5.5 minutes), 337 second maximum (slightly longer)

These attacks were very small, they barely registered, so it’s hard to say that they’re the massive onslaught that we may see this weekend. It’s possible this is entirely unrelated - a lot of hackers try to bring down major websites like this every day. (Source: Arbornetworks)

CNN itself reported on the attack, which at that point hadn't caused major harm to the website.

CNN was targeted Thursday by attempts to interrupt its news Web site, resulting in countermeasures that caused the service to be slow or unavailable to some users in limited areas of Asia.

"CNN took preventative measures to filter traffic in response to attempts to disrupt our Web site. A small percentage of CNN.com users in Asia are impacted," the network said in a statement.

"We do not know who is responsible, nor can we confirm where it came from," the statement continued.

A CNN spokesman said the Web site began to notice problems around midday Thursday and took measures to isolate the trouble by limiting the number of users who could access it from specific geographic areas.

As a result, he said, some users in those areas experienced temporary slowdowns or problems accessing the site.

The spokesman could not offer an estimate of how many users were affected. However, he said that the impact on daily usage was "imperceptible" and that the site "at no time" went down.

Service had returned to normal by mid-morning Friday, he said. (Source: CNN.com)

So was this just a hot air balloon? Maybe not: another update on The Dark Visitor showed us that the leader of Revenge of the Flame, "cn_Magistrate", posted attack tools to assist in the attack.

As always, my thanks for everyone’s strong sense of nationalistic responsibility; once again, the Magistrate is grateful to everyone.

Today is 18 April, we are angry and we shall roar, the announcement follows:

  1. Prior to 8:00 pm on 18 April 2008, we invite everyone on IS (ID number 12570496). We will have an important matter to pass along. (This part a little rough on xlation) Please note our compatriots will find a way online, obey directions that have been put in place.
  2. Tool download address, considering that there are many normal web users who do not have a high-degree of technical knowledge, we are providing idiot-type (really means for those who don’t know) tools for download. The download address: http://playgood.ys168.com/. Everyone please pay attention to the group announcements.
  3. Everyone please remain disciplined, listen to the directions of each of the group managers. Pay attention to your own words, deeds and essence. We are all Chinese! (source: The Dark Visitor)

The latest update from Arbornetworks at 8PM US Eastern Time indicated that the attacks were ramping up:

More attacks to report, with greater intensity. It looks like some people are still giving this a go. I cannot, with the data I have, attribute this to any of the Chinese attacker groups that are supposedly behind the rally call, so this could be other parties entirely. (Source: Arbornetworks)

So this was the latest update and CNN.com seems to be alive and kicking. Was the attack successful? What was the overall impact? I'll update this post in the next hours as I find new updates.

Update from The Dark Visitor: Revenge of the Flame disbands, denies all responsibility for attack on CNN…and kills website

Currently, everyone on the internet is using the instrument of attack as a means to express their passion and this has already obstructed the motherland’s normal network communications. This is something we do not wish to see happen. Regardless if it is “Revenge of the Flame” or not, we hope that everyone can rationally reflect on this question.

From this moment, the Revenge of the Flame is disbanded!! If there are any notification after this, they will be posted here. We respectfully ask that you pay attention to this page.

Read full post here.

CNN still seems to be live. I'm just wondering what they meant with "this has already obstructed the motherland’s normal network communications".

Here is the update: Update on CNN.com attacks, not down but defaced
