
BNP DDoS 'mega-assault' not actually mega in the least

It was eight, no ten really big lads that jumped me


A supposedly massive denial of service attack against the British National Party website has been exposed as a gross exaggeration.

The assault, which began on Friday, was described by the party in an email appeal for funds as the "largest cyber attack in recorded history" and comparable only to a 2001 assault against Microsoft*. Nick Griffin, leader of the controversial far-right political party, asked the party's supporters to stump up the £5,000 urgently needed to purchase hardware and servers supposedly needed to keep the site up and running.

Griffin's email appeal claims that the assault came from "eastern Europe and Russia" and that Clear Channel, a firm supplying Euro election billboard advertising services to the BNP, is also under attack and contemplating legal action.

However, Clear Channel, after checking with its US-based techies, said that it was not under any kind of cyber-attack, much less on the phone to its lawyers.

"To confirm - we have had no attack and we have filed no lawsuits," a spokeswoman told El Reg. "The BNP booked a small poster campaign in the run up to the European Elections."

Clear Channel has a policy of carrying advertising "from all the legal political parties, without bias or favour, and regardless of the company’s own views, as long as the advertising is legal and clearly branded for the relevant party".

A BNP spokesman politely told us on Tuesday morning that he was too busy helping to run its Euro election campaign to bother about technology. He said IT guys were too busy reconfiguring servers to speak and had nothing to say about Clear Channel's response that its site was not under attack.

Security firms contacted by El Reg said that a botnet hosted in Romania was firing off attack traffic at the BNP's website, but were unable to confirm the size of the assault. Jose Nazario, manager of security research at anti-DDoS technology firm Arbor Networks, confirmed there was a DDoS attack but wasn't able to gauge its size.

The site's been moving around some in the past few days. Here's some recent history, my guess is they're trying to fight the DDoS:

bnp.org.uk | 87.117.239.66 | Thu, 01 May 2008 02:50:40 UTC | Sat, 23 May 2009 23:26:39 UTC
bnp.org.uk | 87.117.239.84 | Sun, 24 May 2009 20:51:57 UTC | Sun, 24 May 2009 20:51:59 UTC

That .66 IP has come under a SYN flood from at least one botnet. In this case the botnet was hosted in Romanian IP space.

I have no data on the attack's magnitude (BPS, requests per second, etc). But so far everything is consistent with a legitimate attack.

A technically knowledgeable person at the hosting firm managing the site approached El Reg, and on condition of anonymity agreed to explain what had happened.

"There was some attack traffic against the BNP website on Sunday or Monday," our source told us. "But it was hardly noticeable except that one server was taken offline. It's not one to write home about.

"The attack traffic was around 600Mbps, a volume that hardly hits our radar."

We understand that a letter advising the BNP that the hosting package it had signed on for when it moved its servers a few days ago is "not suitable" is in the post.

"Given the content they host, and the volume of traffic, the party needs a package that includes DDoS protection. This will cost a lot more than £5,000," our source explained, adding that no extra servers or any other hardware had been added to the BNP's website since the attacks began late last week.

We understand that the matter of whether the BNP's website breaks the hosting firm's terms and conditions is under review.

Independent sources at web metrics firm Netcraft confirmed that the BNP's website has recently moved hosting provider and changed configuration, moving from Apache to nginx. Its stats on the BNP's website can be found here.

So the BNP's site did experience a minor attack, but the suggestion that it was under the biggest cyberassault ever is pure hype, possibly geared towards reinforcing a siege mentality that encourages supporters into throwing more money at the controversial party.

Arbor's Nazario added that a large attack on the scale claimed would get noticed more widely.

I love how the BNP is claiming this is the largest attack the internet has ever seen. Far from it. While I don't have exact numbers, the absence of alerts on too many other ISPs that serve as their upstream suggests it's not. The botnet behind the attacks isn't super massive, either.

It's either a lie or ill-informed for them to be saying it's the largest attack.

®

Bootnote

*The supposed DDoS attack against Microsoft is, incidentally, something we're unable to find any reports about. The most prominent DDoS attack around that time was Mafiaboy's assault on eBay, Amazon et al, in September 2000.
