We are experiencing a Denial of Service Attack on a massive scale. Our extremely experienced tech team – who are serious professionals who come from major IT players – have never defended an attack this big on which someone is spending real resources. The attack is not over, but our various levels of defence and diversion are currently holding.
The attack works simply by getting many tens of thousands of bots from around the world to interrogate the site with queries into its search facility, thus crashing it. It is a type of attack we come under routinely, but never on anything like this kind of scale. This is a proper effort to get the blog off air.
EDIT: Attack ongoing – latest figures.
Further Update: Still going but slowing a bit now.
Keep the faith Craig. You are doing seriously good work and rattling cages. #respect
It sounds similar to this;
Alleged vDOS Proprietors Arrested in Israel
https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/
Teenagers.
Or to this IoT Mirai botnet
https://krebsonsecurity.com/tag/iot-botnet/
You can hire out these services for a couple of hundred quid or less. Wouldn;t worry to much*.
That Krebs bloke never shuts up about the size of the DoS attack that had his blog offline for days. How does your one compare?
*Actually what should concern you is what will probably be also coming; ”swatting”. Search Krebs experience of that and be glad you don;t live in trigger happy USA. He gets ‘swatted’ so much the local police force ring him up every time they get called about a hostage situation at his house (to confirm nothing is happening).
Maybe give a ring to the local plod and let them know craig? Do want armed police breaking down your door 3 in the morning.
Looking at the numbers craig – UK – 730,000+ – would suggest the Mirai Internet of Things botnet they are using. That’s anything from routers, phones to ‘smart’ fridges and kettles (lol).
I doubt there would be 730,000+ slave pc and laptops controlled in the UK, then again large swathes of the civil service would have extremely outdated and easily infected machines across the country….
Just to reiterate craig, this stuff can be hired for a couple of quid. It doesn;t need state level support or anything of the sort.
Blogs great, keep it up. Has Bojo blamed Putin for this yet?
We get the hired for a hundred quid ones all the time. You can’t get one on this scale cheaply.
You have successfully questioned the official line/lies about the Skripal poisoning case and are now paying the price. This is really important.
It would be interesting to know how many requests you would usually get from those top 5 countries in a 24 hour period
These are deeply dark and worrying times. We are slipping into fascism before our eyes.
I think we’ve been there for a while Daniel, we’re just becoming aware of it, and how deep in the rabbit hole we are.. https://www.insurgeintelligence.com/deep-state/2017/12/23/facebook-a-danger-to-democracy
How do you distinguish between a bot attack and a huge surge in traffic to the blog, perhaps owing to a post going viral on social media? While I wouldn’t discount the possibility of the former, many people have been linking to this blog owing to your excellent commentary on recent events.
Lots of ways, but principally by their behaviour on the site. He says they are submitting search requests – these will typically require more server resources to process than a simple page request. In the case of a link going viral, you’d expect to see lots of users arriving at the linked-to page, which wouldn’t typically be a search.
Thanks very much — I always wondered.
Denial of service attacks are above my pay grade. Were can I read up on this.
Otherwise I am simply expressing outrage for an attack on a blog that I have a great deal of time for, without knowing what exactly I am complaining about…_
Why not disable the search function, at least temporarily?
Cloudflare bot detection identifies them as bots as they fail the browser security check when enabled. They are searching the site for random numbers and not trying to access any article.
A huge surge in genuine traffic would not fail cloudlfare’s bot detection.
Thank you; very interesting.
Hey craig get you’re piece about SCL – a Very British Coup. Online ASAP I’m sure your attack is related
http://bellacaledonia.org.uk/2018/03/20/scl-a-very-british-coup/
I second that!
Here’s May before the election, not knowing anything about Cambridge Analytica!
http://www.dailymail.co.uk/news/article-4044728/Theresa-wants-use-army-computerised-Trump-mind-readers-help-win-Election.html
But wasn’t CA used in the last GE and in the Scottish referendum?
Hang in
It’s not me. I’d prefer to debunk Craig through simple, honest logic.
Let’s all be honest.
Nothing Craig has written or said on Novichok in any way alters the original British Intelligence/Theresa May assessment of “high likelihood”.
I mean, Craig’s “unlikely” counter-theories, wouldn’t change that one iota, would they?
Craig also, surely, understands that British Intelligence is employed to give “actionable” intelligence to politicians with levels of confidence in that intelligence.
Not conspiracy theory.
“Technically it could have been anyone” is neither actionable intelligence, nor a statement in which their is any confidence assessment. In fact, it sounds like a statement in which no relative confidence assessment has been performed, AT ALL.
Craig’s Israel theory comes the “closest” to a counter-theory, because it at least has 1 circumstantial argument for “likelihood” – not being a party to the OPCW. But that’s just 1 circumstantial factor. Is that really enough to get it past “unlikely”?
I doubt it.
You’re so popular that you have to talk to yourself!
Bob,
Sorry to rain on your propagandist parade, but the entire UK charges against Russia would not stand scrutiny in any English Court, namely, in any criminal case the degree of ‘doubt’ is so high that its unlikely the CPS could bring a prosecution, never mind convince a Jury. Holes are holes Sir, and the UK’s cover story has more holes than a sieve I’m afraid to say – evidently, English Law means bugger all to you, however, its important to some, particularly if we are talking WWIII.
Hope you, like all other rabid warmongers and chickenhawks, volunteer first for the first wave suicide squad being assembled to teach the the Russians a bitter lesson – just leave the rest of us out of your collective madness.
There has not been enough evidence aired publicly to be in the position to talk about probabilities. It’s a rhetorical device the Government are using and not based on probability theory and statistical analysis <- you need evidence to do that.
“I’d prefer to debunk Craig through simple, honest logic”
But you can’t so you do what you do.
According to Israel Shamir (is he at all credible?), Novichoks don’t really exist, or not in Russia, anyhow. They were a phantom invented to catch a spy,. although that’s hard to believe since everyone seems to be making them, now, from bleach and Drano, or some such readily available precursors.
There hasn’t been any evidence presented. That is Craig’s point.
Must be the Russians. I can’t see any other plausible explanation.
I would even go as far to say that it is highly likely and of a type that Russians are very familiar with.
Those other countries are obviously fake IPs.
(I tried to find the sarcasm font but could not find one as such)
Maria Zakharova, Russia’s foreign ministry spokesperson, ‘Novichok was developed by the West, not by us’
https://www.youtube.com/watch?v=fV-EuhY-E6g
…. and that concludes the case for the Prosecution…..
Hang in their Craig you have apparently hit a nerve
Clearly one or more of the ‘intelligence’ agencies behind this. Well that’s what you get if you are not, to use your own phrase, ‘a stenographer to power’. It shows that your work in exposing abuses of power and dodgy activity is effective and is hitting close to the bone
Because you speak the truth. Stay strong Craig !
So are the hits from the UK and USA part of the attack or are they normal. I’d imagine from rhe graph part of the attack, and therefore as United Kingdom supplies more hits than anyone else, including all Latin American countries, I’d imagine Britain is the source of the attack. Perhaps Russian computer experts could help determine the source 🙂
The sources were worldwide but there seems to be a bias towards central/south America but the UK is also a significant source. The blog may be busy but the access count from the UK is certainly not normal.
Obviously the Kremlin are DDoSing the site in a double-bluff to make it look like the Skripal poisoning wasn’t them – which must be why they used poison “of a type developed in Russia” in the first place. Er, no, hang on… OK, it must be just coincidence then.
These numbers are orders of magnitude above what would typically be expected. The blog doesn’t normally get any appreciable number of hits from Columbia for example let alone 160,000 in about an hour.
Could the attack be routed through vpns?
Usually these things are compromised PCs, webcams, routers etc whose owners are completely unaware anything is wrong. So called “booter” sites exist on the web where you can pay money to the criminals behind them to rent time on their botnets to launch an attack. The more money you spend the larger the attack.
Further to what Darth is saying. As the compromised devices are automatically hacked the sources of these denial of service attack may be irrelevant. For example they may represent where a particularly easily hacked device is sold.
If you need to crowdfund body armour or a hazmat suit, I’m in for £10. Only half joking, be careful and remember The Moscow Rules-
Assume nothing.
Never go against your gut.
Everyone is potentially under opposition control.
Do not look back; you are never completely alone.
Go with the flow, blend in. (Like that’s going happen!)
Vary your pattern and stay within your cover.
Lull them into a sense of complacency.
Do not harass the opposition.(Toooooo late!)
Pick the time and place for action.
Keep your options open.
Technology will always let you down.
Once is an accident. Twice is a coincidence. Three times is an enemy action.
BTW the “of a type developed by Russia” was picked up by RT in an interview of British Intelligence Officer Philip Ingram on Going Underground-
https://youtu.be/vfxdac3J3-U?t=391
The whole interview is quite interesting.
“Never give in–never, never, never, never, in nothing great or small, large or petty, never give in except to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy.”
The attack seemed brief.
Maybe there is evidence of skullduggery..?
The attack is ongoing but is being mitigated by cloudlfare settings. Were the site not behind cloudflare it would be offline.
Maybe you have just become really really popular? I expect Brazilians are particularly interested in Novichoks
Clearly there are people who are afraid of the truth. They really are “of a type”!
In America, the mass has been sold a false narrative of Russians “hacking” the US election process. Even though independent tech analyses show that the US story is founded on fabricated attribution (with a manufactured cornerstone put in place in 2016 by CrowdStrike) the myth is treated as fact by virtually all major media outlets.
The goal of achieving similar end in the UK with respect to attribution re Salisbury is being thwarted thanks to your truth-telling blog.
Onward and upward. Respect, indeed.
Keep up the good work. To be experiencing any kind of attack you have to be doing something right.
Occasionally I think, like all of us, you get it wrong. But your recent posts regarding the Skripals – has everybody stopped asking about their welfare? – have been superb. It tells me too, as with Wikileaks and Julian Assange, there are quite a few out there not happy with the government lies. Well done. And thanks.
– Holmes, so who is to blame for poisoning this Russian traitor Skripal?
– Dear Watson, so it is elementary – Putin! It doesn’t even require any evidence.
– But Sherlock, what about our principles and ideals of British justice?
– Watson, what’s the justice for? If not for Putin, we do not would need to poison him!
Is this denial of service of a type developed by the UK government or Mossad or someone else?
It’s the interweb equivalent of the Oscars.
That happened to me when I tried to visit your blog earlier this afternoon. An official looking message came up, saying that it was trying to verify my access to the blog – words to that effect. A symbol was spinning – and then I could see the blog.
I can assure you (Craig) that my first thought was not that this was due to heavy traffic but that there are those who are maybe trying to ascertain the IP addresses etc of those of us who are visiting, hence the brief interruption.
It took maybe 10 – 15 seconds to get past this almost imperceptible door.
Bollocks to ’em.
That, and Boris J deeming all who disagree with the narrative as ‘Nazis’ by way of inference for his comparing the forthcoming World Cup tournament in Russia to Hitler’s Olympics of 1936.
Stay strong, Craig, don’t give up. Apparently you are close to the truth. Your work is important and appreciated all over the world.
Maria Zakharova in ’60 minutes’ about anti-Russian campaign:
https://www.youtube.com/watch?v=8MNKqJxPcHg
How about temporarily disabling the search function? The new content of the blog is the main thing, together with the most recent articles. We can manage without the search for a bit.
Access to the search function is currently being redirected to google via cloudflare.
– Holmes, so who is to blame for poisoning this Russian traitor Skripal?
– Dear Watson, so it is elementary – Putin! It doesn’t even require any evidence.
– But Sherlock, what about our principles and ideals of British justice?
– Watson, what’s the justice for? If not for Putin, we do not would need to poison him!