Massive Attack on This Blog


We are experiencing a Denial of Service Attack on a massive scale. Our extremely experienced tech team – who are serious professionals who come from major IT players – have never defended an attack this big on which someone is spending real resources. The attack is not over, but our various levels of defence and diversion are currently holding.

The attack works simply by getting many tens of thousands of bots from around the world to interrogate the site with queries into its search facility, thus crashing it. It is a type of attack we come under routinely, but never on anything like this kind of scale. This is a proper effort to get the blog off air.

EDIT: Attack ongoing – latest figures.

Further Update: Still going but slowing a bit now.


296 thoughts on “Massive Attack on This Blog”

  • Zhanglan

    Synopsis of Emma Nottingham’s statement at yesterday’s Ambassadorial briefing in Moscow:

    1. “We have offered a chance for bilateral discussion”

    2. The Skripals were “poisoned with a military grade “Novichok” nerve agent OF A TYPE DEVELOPED BY RUSSIA”

    3. “This was an attempted assassination… highly likely that Russia is responsible” because

    a. Identification of the chemical agent
    b. Russia has produced this agent and still can
    c. State-sanctioned assassinations both at home and overseas
    d. defectors are seen as legitimate targets

    4. Russia has offered no explanation how this agent was used and why it maintains stockpiles of chemical weapons in contravention of International Law

    5. Russia has responded with a barrage of distortion and disinformation in an attempt to confuse facts

    6. This poses a threat to the British public and undermines both the CWC and International Law

    7. UK has no obligation to provide Russia with samples under the OPCW / CWC

    8. The UK is engaging with the OPCW

    9. In the last week Russia has admitted that it has previously produced this agent

    10. This was “a Russian-produced agent”

    This may not be the proper forum in which to debate these individual points, but I thought it might be usual to set them out in precis, and I certainly have views on each and every one of them

    • Zhanglan

      “useful”, rather than “usual”, sorry

      upon a second viewing, whilst I still think Russia handled this session inappropriately, my heart goes out to Emma Nottingham, who was way out of her depth, fumbled her lines, and would have been more at home reading out the runners & riders for the local Pony Club

    • Nikko

      As she repeated the phrase “of a type developed by Russia”, the Russian panelists missed a chance to ask her for clarification of meaning there and then before the whole world.

      They should have also asked the French embassy representative who claimed that France was fully briefed by UK to share the information.

    • Emily

      The Skripals were “poisoned with a military grade “Novichok” nerve agent OF A TYPE DEVELOPED BY RUSSIA”

      But held in stock at Porton Down.
      Boris Johnson has confirmed that in public in the last few days.
      That is how they identified it……

  • The Salvation Airforce

    RT Headline: “Blast at chemical plant in Czech Republic kills six – officials”

    30 seconds later, press statement by Boris Johnson: “further proof of Putin’s despicable demonic dastardly destructive did I say deadly yet? dreadful dire, ummm damnable…. anyhow, you get the point”

    • The Salvation Airforce

      and as if by magic, here is HM Govt’s official media channel predicting word for word what Theresa May is going to say on this topic when she briefs the EU later today: http://www.bbc.co.uk/news/uk-politics-43489457

      Note the formal diplomatic language used here: “We continue to engage with Russia because we seek a position where Russia does abide by internal rules and norms [and] where Russia is A GROWN-UP PLAYER on the world stage abiding by the international approaches, for instance not using chemical weapons.”

    • The Salvation Airforce

      I think there’s a couple of things to bear in mind (though I confess that I am flying on instruments at this point, and don’t have the references to hand):

      1. This guy had already been in the USA for 10 years by the time he wrote this book

      2. His role in the USSR chemical weapons programme was, apparently, environmental protection rather than development or production; he may not in fact have the detailed knowledge he professes – or, if he has, it may not have come solely from his career in the USSR

      3. He works for the US Government; what does anyone expect him to say? – “Uncle Sam developed this stuff”? Not only is he undoubtedly subject to secrecy and confidentiality agreements, but he is clearly a “useful idiot” in the hands of anyone seeking to take a quick pop at Russia, because he adds an aura of authenticity

      Craig of course knows, but I bet at least 50% of people in the UK don’t realise and 99% of people in the US State Department don’t care that these nerve agents were developed and subsequently decommissioned in Uzbekistan, which not only is not part of Russia, it doesn’t even have a border with Russia.

      Details details…. who cares, watch my lips, Putin dunnit

      • Made By Dom

        Yes, I came to the same conclusion on the unreliability of this chap. I don’t think you have to worry about stuff being taken down though…. his interviews are all over the net.
        Pure observation… most of the interviews I’ve seen include a photo of him holding his book. Surprising that nobody cropped the image. One wonders if these interviews were arranged through his publisher and there was a deal done on showing the book.

        Like you say, he was probably more of a health and safety man than frontline scientist. He turned whistleblower, managed to get out of the country and then had to inject a little more danger into his backstory in order to sell his book.

    • Kiza

      This will be taken down/deleted by who exactly? By the US Government who has been Mirzayanov’s (an Uzbek) employer even during his Soviet days, let alone since he moved up to US and was settled into an expensive house? He apparently still consults for USG.

      Oh, maybe taken down/deleted by those dastardly Russians who stole the US election as well by some nefarious magic. Those who poison some totally unimportant pensioner with magical poison, just to prove to the West how bad they are.

      • DiggerUK

        His accent makes it difficult reading. Listening to what he says reveals that he is no US shill either.
        He claims that Novichoks are not on the CWC list of banned chemicals, and demands they should be.
        Claims the reasons given by the US not to publish the formula are “not even science fiction” (fear of terrorists making chemical weapons etc..)
        “You cannot send chemical weapons in envelopes”

        Dismissing him as a disgruntled exile in the land of milk and honey was not the impression I made of him. He likes to bitch at everybody…

  • Agent Green

    Official Statement of the Russian Ministry of Foreign Affairs on the “Skripal Case”

    AIDE-MEMOIRE
    to clarify the state of affairs
    as regards the so-called ‘Skripal case’

    1. On 12 March 2018, Prime Minister of Great Britain Theresa May, addressing the House of Commons, said it was “highly likely” that the Russian Federation was responsible for the poisoning of former GRU colonel, double agent Sergei Skripal and his daughter Yulia Skripal on 4 March 2018 in Salisbury, with a nerve agent identified according to British classification as A-234.

    The United Kingdom has publicly raised a question about Russia’s “concealing” and “using” part of its chemical arsenal, thus alleging that Russia has “violated” its obligations under the Convention on the Prohibition of the Development, Production, Stockpiling and Use of Chemical Weapons and on Their Destruction (CWC) – one of the most effective multilateral treaties in the disarmament and non-proliferation field, which was initiated, among others, by our country.

    Thus, the United Kingdom has come out against Russia as well as against the Organization for the Prohibition of Chemical Weapons (OPCW) itself and the tremendous work that has been done within this organization during the last two decades, including with participation of the United Kingdom.

    Pursuant to the requirements of Article III of the CWC, the Russian Federation submitted a full and complete declaration of all its chemical weapons stockpiles. That data was thoroughly checked and verified by the inspection teams of the OPCW Technical Secretariat. The fact of the full elimination of Russia’s chemical arsenal has been officially confirmed by the authorized international institution – the OPCW.

    2. On 12 March 2018, given the gravity of the accusations brought against our country, the Russian Embassy in London sent a note verbale to the Foreign Office of Great Britain requesting access to the investigation materials, including samples of the chemical agent that British investigators were referring to, so that it could be tested by our experts in the framework of joint investigation.

    Thus, we proposed to act in accordance with paragraph 2 of Article IX of the CWC. It stipulates that States Parties to the Convention should first make every effort to clarify and resolve, through exchange of information and consultations among themselves, any matter which may cause doubt about compliance with the CWC. Under the provisions of that Article, Russia would be ready to respond to the United Kingdom’s request within 10 days.

    Unfortunately, the British side rejected that option and, instead of following the existing norms of international law, chose to unscrupulously politicize the issue.

    3. British Prime Minister Theresa May suggested that a special Security Council meeting to discuss the matter be held on 14 March 2018. Suspecting that London would play dirty, Russia insisted on making the Security Council’s meeting open.

    It is incomprehensible what the British side was trying to achieve by bringing the issue to the UNSC. This matter by no means falls within the mandate of the UNSC. It is quite obvious that all discussions are pointless until the OPCW gives its assessment of the Salisbury incident (it is important to know whether a nerve agent was actually used; if it was, how the likely origin of the chemicals was determined; what, and on what basis, actions were taken with regard to the victims, etc.).

    4. On 14 March 2018, British Prime Minister Theresa May, apparently having come to senses, finally sent a letter to Director-General of the Technical Secretariat of the OPCW Ahmet Üzümcü (circulated to all OPCW Executive Council Member States on 15 March 2018) inviting the OPCW Technical Secretariat “to independently verify the analysis” of the British investigation into the Salisbury incident.

    As indicated in the press release by the British Foreign Office of 18 March 2018, following the letter by Ms Theresa May, the UK’s Permanent Representative to the OPCW invited experts of the OPCW Technical Secretariat to visit the United Kingdom to carry out an independent analysis of the findings of the British Defence Science and Technology Laboratory at Porton Down in connection with the Salisbury incident. On 19 March 2018, OPCW experts arrived in the United Kingdom.

    Russia expects the OPCW to make an official detailed account of developments around the ‘Skripal case’. We proceed from the understanding that the OPCW Technical Secretariat shall conduct a full-fledged independent investigation in accordance with all relevant provisions of the CWC.

    5. Russia has more and more questions both in legal and practical terms. And we intend to seek answers through the OPCW.

    Russia states that it has not used chemical weapons against Great Britain. We suppose that the attack on the Skripals with toxic chemicals shall be deemed a terrorist act. As Yulia Skripal, a Russian citizen, is among the victims to the incident, we propose cooperation with the British Side under Article IX of the CWC.

    We would like to ascertain the following issues.

    Where, how, and by whom were the samples collected from Sergei and Yulia Skripal? How was it all documented? Who can certify that the data is credible? Was the chain of custody up to all the OPCW requirements when evidence was collected?

    Which methods (spectral analysis and others) were used by the British side to identify, within such a remarkably short period of time, the type of the substance used (“Novichok” according to the western classification)? As far as we know, to do that, they must have had a standard sample of such agent at their disposal.

    And how do these hasty actions correlate with Scotland Yard’s official statements that “the investigation is highly likely to take weeks or even months” to arrive at conclusions?

    What information and medical effects led to a hasty decision to administer antidotes to the aggrieved Skripals and the British policeman? Could that hastiness lead to grave complications and further deterioration of their health status?

    Which antidotes exactly were administered? What tests had been conducted to make the decision to use these drugs?

    How can the delayed action of the nerve agent be explained, given that it is a fast-acting substance by nature? The victims were allegedly poisoned in a pizzeria (in a car, at the airport, at home, according to other accounts). So what really happened? How come they were found in some unidentified time on a bench in the street?

    We need an explanation why it is Russia who was accused on the ‘Skripal case’ without any grounds whatsoever, while works to develop the agent codenamed “Novichok” in the West had been carried out by the United Kingdom, the USA, Sweden and the Czech Republic. There are more than 200 open sources publications in the NATO countries, highlighting the results that those countries achieved in the development of new toxic agents of this type.

    6. Even from purely humanitarian perspective London’s action appears simply barbaric. On 4 March 2018 (as British authorities themselves claim) a nerve agent attack against Russian citizen Yulia Skripal was committed in the territory of the United Kingdom.

    Russian Federation has demanded exhaustive information on the course of investigation into the Salisbury incident involving a Russian citizen (the Russian Embassy in London sent the relevant note verbale on 12 March 2018).

    The United Kingdom is breaching elementary rules of inter-State relations and is still denying, without any explanation, Russian officials’ consular access to Yulia Skripal envisaged by the 1963 Vienna Convention on Consular Relations. For more than two weeks now, we have not been able to credibly ascertain what happened to our citizen and what condition she is actually in.

    On 16 March, the Main Directorate for High-Priority Cases of the Investigative Committee of the Russian Federation initiated a criminal investigation into the attempted willful murder of Russian citizen Yulia Skripal committed by dangerous means in the territory of the United Kingdom.

    The investigation will be conducted in accordance with the Russian legislation and the norms of international law. Highly qualified experts will contribute to the investigation.

    The investigators stand ready to work together with the competent authorities of the United Kingdom. We expect a cooperative approach of the British side.

    7. In the UN Security Council as well as in the OPCW and at other international fora, the Russian Federation has been a consistent and insistent proponent of thorough, comprehensive and professional investigation of all crimes involving toxic chemicals, and of bringing perpetrators to justice.

    We are ready to engage in full-scale and open cooperation with the United Kingdom in order to address any concerns whether in bilateral format or within the OPCW and other international instruments, working within the purview of international law.

    As a responsible member of the international community and a bona fide State Party to the CWC Russia will never speak the language of ultimatums or answer informal and word-of-mouth questions.

    The Western countries’ action on the fabricated ‘Skripal case’ contravenes the norms of international law and the general practice of inter-State relations, as well as the common sense itself. Naturally, we run a detailed record of all that, and when time comes, those guilty will inevitably be brought to justice.

  • Clayton Bradt

    What is the point of a DoS attack on a blog such as this? Bringing the site down for a few hours or even days does no real harm. It’s not as if sales are being lost because customers can’t connect. If anything the attack increases your credibility and shows you to be a victim. Whoever launched it has done you a great favor.

    • Joe Chapman

      “What is the point of a DoS attack on a blog such as this?”

      Deliberate cultivation of victimisation in order to agitate and make it look like the site is under attack by a specific group/state?

  • Clark

    dr david seddon 13:44, the individual bots of the botnet run on infected computers and systems – viruses etc. The distribution may vary with the local proportion of unpatched software, poor availability of security software, or levels of vigilance towards system infection.

  • Chris McKendrick

    Clearly the muppets performing the DDOS attacks aren’t familiar with the concept of ‘The Streisand Effect.’

    Keep up the great work Craig, you’ve clearly rattled someone’s cage.

  • Kacper

    Attack might be either on your website or on your hosting provider. It is impossible to tell.

  • Geoffrey

    I suppose we assume that it is the blameless, British Government or perhaps, an organisation or state sponsored entity trying to help the plucky Brits.

  • John bruce

    Hopefully your firewalls hold Craig…. must be. Tory / CA contract at work, best of luck

  • Lesley Anne Rickard

    You know you’re making an impact when they try to shut you up! Keep up the great work!

  • DrCiber

    Hi,

    Connecting from Mexico here which I see must have a gazillion infected PCs (Having done some tech support here I can guarantee you that that is the rule not the exception). I don’t know how recent your last update is, but my local time is 10:10 AM and the page loaded with no noticeable delay. Looks like the Wicked Witch of the North and her army of flying GCHQ monkeys may have it in for you, or so I surmise. Watch your six, as the flyboys say.

  • Loris

    Probably some attack using recently published memcached vulnerability.
    The traffic coming from these countries doesn’t mean the attack started in these countries.
    Some cyber entity makes a request to some memcached at different locations around the world and the request (content) is redirected to the target, which receives massive data without requesting it.
    There are several reflection and amplification attacks.
    Memcached UDP Reflection Attacks
    Memcached Amplification Attacks

    • Darth

      It wasn’t the memcached attack as that is an IP protocol level UDP amplified flood attack. What this blog is seeing is a tailored http protocol attack on the WordPress built-in search facility likely by the Mirai botnet (or related) based on geographical distribution – that is web “POST” requests which appear to the server as genuine real users performing searches. By using tens of thousands of hijacked devices the attack is able to avoid rate limits per individual IP address which would normally prevent this kind of attack.

      It is also possible that a simultaneous UDP amplified attack using memcached or other took place but that is not visible to us in the Cloudflare control panel as it would not reach our domain.

      The attack is still ongoing (5 days and counting) although at a much reduced rate – attack rate dropping by about half every day. The botnet incoming requests are filtered out and prevented from reaching the webserver by Cloudflare DDOS protection.

      • Paul Hunter

        Will you be able to prove that this has been a state level attack, and if so, by whom? Very glad you have been able to outsmart it although I don’t understand the technical details.

        • Darth

          It is an attack that could have been carried out by anyone with enough cash by renting DDOS services from dodgy websites. The blog has come under much smaller rent-a-DDOS attacks before but they normally last minutes or hours at most in occasional bursts (and with far fewer IP addresses) until the money runs out. This seems to have been a very expensive attack.

          Most of the smaller previous DDoS attacks on the site probably came through one “provider” as the attacks stopped after they were shut down.

          • Darth

            The type of attack used in this case cannot fake its source address as it requires a 2-way comms channel to be open for the web http requests to get through and that can’t happen if the source address was faked. The IP addresses seen were definitely real.
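
Added example, not written by the blog's tech team or any commenter: a log check for the pattern Darth describes in this thread, a search flood spread over so many real source addresses that every client stays under the per-IP rate limit. The log layout, the thresholds and the use of the `s` URL parameter to recognise a search request are assumptions, and the sample log is constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

# Assumed access-log layout: ip - - [time] "METHOD url PROTO" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} \S+')

def parse_search_hits(lines):
    """Yield (epoch_seconds, ip) for each request that hits the search facility."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: ignore rather than crash the analysis
        # Assumption: a search is any request whose URL carries the `s` parameter.
        if "s" not in parse_qs(urlsplit(m["url"]).query, keep_blank_values=True):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield int(ts.timestamp()), m["ip"]

def analyse(lines, window_s=60, per_ip_limit=10, aggregate_limit=100):
    """Per time window, compare what a per-IP limit stops with what still gets through."""
    windows = defaultdict(Counter)
    for epoch, ip in parse_search_hits(lines):
        windows[epoch - epoch % window_s][ip] += 1
    report = []
    for start in sorted(windows):
        counts = windows[start]
        total = sum(counts.values())
        over = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        # Requests a per-IP limiter would reject: only the excess from noisy clients.
        rejected = sum(counts[ip] - per_ip_limit for ip in over)
        passed = total - rejected
        report.append({
            "window_start": start,
            "total": total,
            "distinct_ips": len(counts),
            "ips_over_limit": over,
            "passed_per_ip_limit": passed,
            # Flood signature: search load still exceeds capacity after per-IP limiting.
            "distributed_flood": passed > aggregate_limit,
        })
    return report

def build_sample():
    """Constructed log: a quiet minute, one noisy client, then 300 low-rate bots."""
    def line(ip, minute, sec, url, method="GET"):
        return (f'{ip} - - [21/Mar/2018:10:{minute:02d}:{sec:02d} +0000] '
                f'"{method} {url} HTTP/1.1" 200 512')
    lines = [line("192.0.2.10", 0, s, "/?s=opcw") for s in (1, 20, 40)]
    lines.append(line("192.0.2.11", 0, 5, "/about/"))  # ordinary page view, not a search
    lines += [line("192.0.2.66", 1, s, "/?s=a") for s in range(50)]
    lines += [line(f"10.{i // 200}.{i % 200}.7", 2, (i + k) % 60, f"/?s=q{i}", "POST")
              for i in range(300) for k in (0, 1)]
    return lines

if __name__ == "__main__":
    for row in analyse(build_sample()):
        print(row)
```

In the third window no address exceeds the per-IP limit, yet 600 searches arrive within a minute, so the control has to act on the aggregate load (caching search results, challenge pages, or an upstream filter such as the Cloudflare protection mentioned above) rather than on individual clients.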

  • Joe Chapman

    Why would a DDOS attacker use the country of their own origin knowing the referrers would reveal that information? Makes no sense to me, If it was me, I’d do it through a proxy, route it through an ‘enemy’ country in order to agitate, otherwise it’s a wasted opportunity.

    • Darth

      These are compromised devices (PCs, webcams, routers, TV cable boxes, that sort of thing) whose owners have no idea their devices have been hijacked and are taking part in attacks. Some criminal entity has command and control of that botnet and sells “time-sharing” access to it on the web. According to news articles (and sometimes their own Google listings) they normally accept payment in PayPal or Bitcoin.

      See for example https://en.wikipedia.org/wiki/Mirai_(malware)

  • JCalvertN

    Meanwhile over at the Independent (newspaper) website today and yesterday (29th and 30th March). Sceptical views are being censored on an industrial scale while comments supportive of the government narrative are allowed to remain – no matter how rabid.
