BNP DDoS 'mega-assault' not actually mega in the least

It was eight, no ten really big lads that jumped me

A supposedly massive denial of service attack against the British National Party website has been exposed as a gross exaggeration.

The assault, which began on Friday, was described by the party in an email appeal for funds as the "largest cyber attack in recorded history" and comparable only to a 2001 assault against Microsoft*. Nick Griffin, leader of the controversial far-right political party, asked the party's supporters to stump up the £5,000 urgently needed to purchase hardware and servers supposedly needed to keep the site up and running.

Griffin's email appeal claims that the assault came from "eastern Europe and Russia" and that Clear Channel, a firm supplying Euro election billboard advertising services to the BNP, is also under attack and contemplating legal action.

However, Clear Channel, after checking with its US-based techies, said that it was not under any kind of cyber-attack, much less on the phone to its lawyers.

"To confirm - we have had no attack and we have filed no lawsuits," a spokeswoman told El Reg. "The BNP booked a small poster campaign in the run up to the European Elections."

Clear Channel has a policy of carrying advertising "from all the legal political parties, without bias or favour, and regardless of the company’s own views, as long as the advertising is legal and clearly branded for the relevant party".

A BNP spokesman politely told us on Tuesday morning that he was too busy helping to run its Euro election campaign to bother about technology. He said IT guys were too busy reconfiguring servers to speak and had nothing to say about Clear Channel's response that its site was not under attack.

Security firms contacted by El Reg said that a botnet hosted in Romania was firing off attack traffic at the BNP's website, but were unable to confirm the size of the assault. Jose Nazario, manager of security research at anti-DDoS technology firm Arbor Networks, confirmed there was a DDoS attack but wasn't able to gauge its size.

The site's been moving around some in the past few days. Here's some recent history, my guess is they're trying to fight the DDoS:

bnp.org.uk | 87.117.239.66 | Thu, 01 May 2008 02:50:40 UTC | Sat, 23 May 2009 23:26:39 UTC
bnp.org.uk | 87.117.239.84 | Sun, 24 May 2009 20:51:57 UTC | Sun, 24 May 2009 20:51:59 UTC

That .66 IP has come under a SYN flood from at least one botnet. In this case the botnet was hosted in Romanian IP space.

I have no data on the attack's magnitude (BPS, requests per second, etc.). But so far everything is consistent with a legitimate attack.

A technically knowledgeable person at the hosting firm managing the site approached El Reg, and on condition of anonymity agreed to explain what had happened.

"There was some attack traffic against the BNP website on Sunday or Monday," our source told us. "But it was hardly noticeable except that one server was taken offline. It's not one to write home about.

"The attack traffic was around 600Mbps, a volume that hardly hits our radar."

We understand that a letter advising the BNP that the hosting package it had signed on for when it moved its servers a few days ago is "not suitable" is in the post.

"Given the content they host, and the volume of traffic, the party needs a package that includes DDoS protection. This will cost a lot more than £5,000," our source explained, adding that no extra servers or any other hardware had been added to the BNP's website since the attacks began late last week.

We understand that the matter of whether the BNP's website breaks the hosting firm's terms and conditions is under review.

Independent sources at web metrics firm Netcraft confirmed that the BNP's website has recently moved hosting provider and changed configuration, moving from Apache to nginx. Its stats on the BNP's website can be found here.

So the BNP's site did experience a minor attack, but the suggestion that it was under the biggest cyberassault ever is pure hype, possibly geared towards reinforcing a siege mentality that encourages supporters into throwing more money at the controversial party.

Arbor's Nazario added that a large attack on the scale claimed would get noticed more widely.

I love how the BNP is claiming this is the largest attack the internet has ever seen. Far from it. While I don't have exact numbers, the absence of alerts on too many other ISPs that serve as their upstream suggests it's not. The botnet behind the attacks isn't super massive, either.

It's either a lie or ill-informed for them to be saying it's the largest attack.

®

Bootnote

*The supposed DDoS attack against Microsoft is, incidentally, something we're unable to find any reports about. The most prominent DDoS attack around that time was Mafiaboy's assault on eBay, Amazon et al, in September 2000.
