Massive Attack on This Blog


We are experiencing a Denial of Service Attack on a massive scale. Our extremely experienced tech team – serious professionals who come from major IT players – have never had to defend against an attack this big, one on which someone is spending real resources. The attack is not over, but our various levels of defence and diversion are currently holding.

The attack works simply by getting many tens of thousands of bots from around the world to interrogate the site with queries into its search facility, thus crashing it. It is a type of attack we come under routinely, but never on anything like this kind of scale. This is a proper effort to get the blog off air.

EDIT: Attack ongoing – latest figures.

Further Update: Still going but slowing a bit now.



296 thoughts on “Massive Attack on This Blog”

  • Elaine

    Keep the faith Craig. You are doing seriously good work and rattling cages. #respect

    • frannyeldingo

      It sounds similar to this;

      Alleged vDOS Proprietors Arrested in Israel

      https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/

      Teenagers.

      Or to this IoT Mirai botnet

      https://krebsonsecurity.com/tag/iot-botnet/

      You can hire out these services for a couple of hundred quid or less. Wouldn't worry too much*.

      That Krebs bloke never shuts up about the size of the DoS attack that had his blog offline for days. How does your one compare?

      *Actually what should concern you is what will probably be also coming; “swatting”. Search Krebs experience of that and be glad you don't live in trigger happy USA. He gets ‘swatted’ so much the local police force ring him up every time they get called about a hostage situation at his house (to confirm nothing is happening).

      Maybe give a ring to the local plod and let them know craig? Do want armed police breaking down your door 3 in the morning.

      • frannyeldingo

        Looking at the numbers craig – UK – 730,000+ – would suggest the Mirai Internet of Things botnet they are using. That’s anything from routers, phones to ‘smart’ fridges and kettles (lol).

        I doubt there would be 730,000+ slave pc and laptops controlled in the UK, then again large swathes of the civil service would have extremely outdated and easily infected machines across the country….

        Just to reiterate craig, this stuff can be hired for a couple of quid. It doesn't need state level support or anything of the sort.

        Blogs great, keep it up. Has Bojo blamed Putin for this yet?

        • craig Post author

          We get the hired for a hundred quid ones all the time. You can’t get one on this scale cheaply.

  • Paul Hunter

    You have successfully questioned the official line/lies about the Skripal poisoning case and are now paying the price. This is really important.

  • A Prole

    It would be interesting to know how many requests you would usually get from those top 5 countries in a 24 hour period

  • Daniel

    These are deeply dark and worrying times. We are slipping into fascism before our eyes.

  • Ryan Alford

    How do you distinguish between a bot attack and a huge surge in traffic to the blog, perhaps owing to a post going viral on social media? While I wouldn’t discount the possibility of the former, many people have been linking to this blog owing to your excellent commentary on recent events.

    • Toby Goodwin

      Lots of ways, but principally by their behaviour on the site. He says they are submitting search requests – these will typically require more server resources to process than a simple page request. In the case of a link going viral, you’d expect to see lots of users arriving at the linked-to page, which wouldn’t typically be a search.

      • DiggerUK

        Denial of service attacks are above my pay grade. Where can I read up on this?
        Otherwise I am simply expressing outrage for an attack on a blog that I have a great deal of time for, without knowing what exactly I am complaining about…

    • Darth

      Cloudflare bot detection identifies them as bots as they fail the browser security check when enabled. They are searching the site for random numbers and not trying to access any article.

      A huge surge in genuine traffic would not fail Cloudflare’s bot detection.
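The distinction drawn in the replies above (a viral link sends many visitors to one article, while this attack sends many sources to the search facility with random numbers) can be checked directly against an access log. The following is an added example, not part of any comment and not the blog team's own tooling; the `/?s=` search URL, the sample log lines and the thresholds are all assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

SEARCH_PARAM = "s"  # assumption: WordPress-style /?s=<term>; the page does not name it
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+')

def log_line(ip, target):
    # Builds one constructed common-log-format line (sample data, not real traffic).
    return f'{ip} - - [01/Jan/2024:14:00:00 +0000] "GET {target} HTTP/1.1" 200 5120'

# Constructed window 1: many visitors landing on one linked-to article.
VIRAL = [log_line(f"198.51.100.{i}", "/archives/some-post/") for i in range(1, 41)]
VIRAL.append(log_line("198.51.100.7", "/?s=salisbury"))
# Constructed window 2: many sources searching for distinct random numbers.
FLOOD = [log_line(f"203.0.113.{i}", f"/?s={i * 7919 % 100000}") for i in range(1, 41)]
FLOOD += [log_line("198.51.100.9", "/archives/some-post/")] * 2

def profile(lines):
    """Summarise what clients in a window of log lines asked for."""
    total = searches = numeric = 0
    terms, paths = Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess
        total += 1
        url = urlsplit(m.group(2))
        term = parse_qs(url.query).get(SEARCH_PARAM)
        if term:
            searches += 1
            terms[term[0]] += 1
            numeric += term[0].isdigit()
        else:
            paths[url.path] += 1
    top_path = paths.most_common(1)[0][1] if paths else 0
    return {
        "total": total,
        "search_share": searches / max(total, 1),
        "numeric_share": numeric / max(searches, 1),
        "unique_term_share": len(terms) / max(searches, 1),
        "top_path_share": top_path / max(total, 1),
    }

def classify(lines, min_requests=20):
    """Label a window; thresholds are illustrative and need tuning per site."""
    p = profile(lines)
    if p["total"] < min_requests:
        return "too-few-requests"
    if p["search_share"] > 0.5 and p["numeric_share"] > 0.8 and p["unique_term_share"] > 0.8:
        return "search-flood"
    return "viral-page" if p["top_path_share"] > 0.5 else "mixed"
```

Run over real logs in short time windows, a sustained "search-flood" label is the signal to rate-limit or challenge the search endpoint rather than the whole site.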

  • Bob Apposite

    It’s not me. I’d prefer to debunk Craig through simple, honest logic.

    Let’s all be honest.

    Nothing Craig has written or said on Novichok in any way alters the original British Intelligence/Theresa May assessment of “high likelihood”.

    I mean, Craig’s “unlikely” counter-theories, wouldn’t change that one iota, would they?

    • Bob Apposite

      Craig also, surely, understands that British Intelligence is employed to give “actionable” intelligence to politicians with levels of confidence in that intelligence.

      Not conspiracy theory.

      “Technically it could have been anyone” is neither actionable intelligence, nor a statement in which there is any confidence assessment. In fact, it sounds like a statement in which no relative confidence assessment has been performed, AT ALL.

      • Bob Apposite

        Craig’s Israel theory comes the “closest” to a counter-theory, because it at least has 1 circumstantial argument for “likelihood” – not being a party to the OPCW. But that’s just 1 circumstantial factor. Is that really enough to get it past “unlikely”?

        I doubt it.

        • Christopher Dale Rogers

          Bob,

          Sorry to rain on your propagandist parade, but the entire UK charges against Russia would not stand scrutiny in any English Court, namely, in any criminal case the degree of ‘doubt’ is so high that it’s unlikely the CPS could bring a prosecution, never mind convince a Jury. Holes are holes Sir, and the UK’s cover story has more holes than a sieve I’m afraid to say – evidently, English Law means bugger all to you, however, it’s important to some, particularly if we are talking WWIII.

          Hope you, like all other rabid warmongers and chickenhawks, volunteer first for the first wave suicide squad being assembled to teach the Russians a bitter lesson – just leave the rest of us out of your collective madness.

    • JimKirk

      There has not been enough evidence aired publicly to be in the position to talk about probabilities. It’s a rhetorical device the Government are using and not based on probability theory and statistical analysis <- you need evidence to do that.

    • MJ

      “I’d prefer to debunk Craig through simple, honest logic”

      But you can’t so you do what you do.

  • Oliver Williams

    Must be the Russians. I can’t see any other plausible explanation.
    I would even go as far as to say that it is highly likely and of a type that Russians are very familiar with.
    Those other countries are obviously fake IPs.
    (I tried to find the sarcasm font but could not find one as such)

  • Michael Waddell

    Clearly one or more of the ‘intelligence’ agencies behind this. Well that’s what you get if you are not, to use your own phrase, ‘a stenographer to power’. It shows that your work in exposing abuses of power and dodgy activity is effective and is hitting close to the bone

  • Pyotr Grozny

    So are the hits from the UK and USA part of the attack or are they normal? I’d imagine from the graph part of the attack, and therefore as United Kingdom supplies more hits than anyone else, including all Latin American countries, I’d imagine Britain is the source of the attack. Perhaps Russian computer experts could help determine the source 🙂

    • Darth

      The sources were worldwide but there seems to be a bias towards central/south America but the UK is also a significant source. The blog may be busy but the access count from the UK is certainly not normal.

  • Clark

    Obviously the Kremlin are DDoSing the site in a double-bluff to make it look like the Skripal poisoning wasn’t them – which must be why they used poison “of a type developed in Russia” in the first place. Er, no, hang on… OK, it must be just coincidence then.

  • Darth

    These numbers are orders of magnitude above what would typically be expected. The blog doesn’t normally get any appreciable number of hits from Colombia for example let alone 160,000 in about an hour.

      • Darth

        Usually these things are compromised PCs, webcams, routers etc whose owners are completely unaware anything is wrong. So called “booter” sites exist on the web where you can pay money to the criminals behind them to rent time on their botnets to launch an attack. The more money you spend the larger the attack.

        • MightyDrunken

          Further to what Darth is saying. As the compromised devices are automatically hacked the sources of these denial of service attacks may be irrelevant. For example they may represent where a particularly easily hacked device is sold.

  • TJ

    If you need to crowdfund body armour or a hazmat suit, I’m in for £10. Only half joking, be careful and remember The Moscow Rules-

    Assume nothing.
    Never go against your gut.
    Everyone is potentially under opposition control.
    Do not look back; you are never completely alone.
    Go with the flow, blend in. (Like that’s going to happen!)
    Vary your pattern and stay within your cover.
    Lull them into a sense of complacency.
    Do not harass the opposition.(Toooooo late!)
    Pick the time and place for action.
    Keep your options open.
    Technology will always let you down.
    Once is an accident. Twice is a coincidence. Three times is an enemy action.

  • Nicky

    “Never give in–never, never, never, never, in nothing great or small, large or petty, never give in except to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy.”

    • Darth

      The attack is ongoing but is being mitigated by Cloudflare settings. Were the site not behind Cloudflare it would be offline.

  • Sean Lamb

    Maybe you have just become really really popular? I expect Brazilians are particularly interested in Novichoks

  • Adrian

    Clearly there are people who are afraid of the truth. They really are “of a type”!

    In America, the mass has been sold a false narrative of Russians “hacking” the US election process. Even though independent tech analyses show that the US story is founded on fabricated attribution (with a manufactured cornerstone put in place in 2016 by CrowdStrike) the myth is treated as fact by virtually all major media outlets.

    The goal of achieving similar end in the UK with respect to attribution re Salisbury is being thwarted thanks to your truth-telling blog.

    Onward and upward. Respect, indeed.

  • John Goss

    Keep up the good work. To be experiencing any kind of attack you have to be doing something right.

    Occasionally I think, like all of us, you get it wrong. But your recent posts regarding the Skripals – has everybody stopped asking about their welfare? – have been superb. It tells me too, as with Wikileaks and Julian Assange, there are quite a few out there not happy with the government lies. Well done. And thanks.

  • Rubez

    – Holmes, so who is to blame for poisoning this Russian traitor Skripal?
    – Dear Watson, so it is elementary – Putin! It doesn’t even require any evidence.
    – But Sherlock, what about our principles and ideals of British justice?
    – Watson, what’s the justice for? If not for Putin, we would not need to poison him!

  • Martin Kernick

    Is this denial of service of a type developed by the UK government or Mossad or someone else?

  • Sagittarius Rising

    That happened to me when I tried to visit your blog earlier this afternoon. An official looking message came up, saying that it was trying to verify my access to the blog – words to that effect. A symbol was spinning – and then I could see the blog.

    I can assure you (Craig) that my first thought was not that this was due to heavy traffic but that there are those who are maybe trying to ascertain the IP addresses etc of those of us who are visiting, hence the brief interruption.

    It took maybe 10 – 15 seconds to get past this almost imperceptible door.

    Bollocks to ’em.

    That, and Boris J deeming all who disagree with the narrative as ‘Nazis’ by way of inference for his comparing the forthcoming World Cup tournament in Russia to Hitler’s Olympics of 1936.

  • glenn_nl

    How about temporarily disabling the search function? The new content of the blog is the main thing, together with the most recent articles. We can manage without the search for a bit.

  • dr. Moriarty

    – Holmes, so who is to blame for poisoning this Russian traitor Skripal?
    – Dear Watson, so it is elementary – Putin! It doesn’t even require any evidence.
    – But Sherlock, what about our principles and ideals of British justice?
    – Watson, what’s the justice for? If not for Putin, we would not need to poison him!
