BNP DDoS 'mega-assault' not actually mega in the least

It was eight, no ten really big lads that jumped me

A supposedly massive denial of service attack against the British National Party website has been exposed as a gross exaggeration.

The assault, which began on Friday, was described by the party in an email appeal for funds as the "largest cyber attack in recorded history" and comparable only to a 2001 assault against Microsoft*. Nick Griffin, leader of the controversial far-right political party, asked the party's supporters to stump up the £5,000 urgently needed to purchase hardware and servers supposedly needed to keep the site up and running.

Griffin's email appeal claims that the assault came from "eastern Europe and Russia" and that Clear Channel, a firm supplying Euro election billboard advertising services to the BNP, is also under attack and contemplating legal action.

However, Clear Channel, after checking with its US-based techies, said that it was not under any kind of cyber-attack, much less on the phone to its lawyers.

"To confirm - we have had no attack and we have filed no lawsuits," a spokeswoman told El Reg. "The BNP booked a small poster campaign in the run up to the European Elections."

Clear Channel has a policy of carrying advertising "from all the legal political parties, without bias or favour, and regardless of the company’s own views, as long as the advertising is legal and clearly branded for the relevant party".

A BNP spokesman politely told us on Tuesday morning that he was too busy helping to run its Euro election campaign to bother about technology. He said IT guys were too busy reconfiguring servers to speak and had nothing to say about Clear Channel's response that its site was not under attack.

Security firms contacted by El Reg said that a botnet hosted in Romania was firing off attack traffic at the BNP's website, but were unable to confirm the size of the assault. Jose Nazario, manager of security research at anti-DDoS technology firm Arbor Networks, confirmed there was a DDoS attack but wasn't able to gauge its size.

The site's been moving around some in the past few days. Here's some recent history, my guess is they're trying to fight the DDoS:

bnp.org.uk | 87.117.239.66 | Thu, 01 May 2008 02:50:40 UTC | Sat, 23 May 2009 23:26:39 UTC
bnp.org.uk | 87.117.239.84 | Sun, 24 May 2009 20:51:57 UTC | Sun, 24 May 2009 20:51:59 UTC

That .66 IP has come under a SYN flood from at least one botnet. In this case the botnet was hosted in Romanian IP space.

I have no data on the attack's magnitude (BPS, requests per second, etc.). But so far everything is consistent with a legitimate attack.

A technically knowledgeable person at the hosting firm managing the site approached El Reg, and on condition of anonymity agreed to explain what had happened.

"There was some attack traffic against the BNP website on Sunday or Monday," our source told us. "But it was hardly noticeable except that one server was taken offline. It's not one to write home about.

"The attack traffic was around 600Mbps, a volume that hardly hits our radar."

We understand that a letter advising the BNP that the hosting package it had signed on for when it moved its servers a few days ago is "not suitable" is in the post.

"Given the content they host, and the volume of traffic, the party needs a package that includes DDoS protection. This will cost a lot more than £5,000," our source explained, adding that no extra servers or any other hardware had been added to the BNP's website since the attacks began late last week.

We understand that the matter of whether the BNP's website breaks the hosting firm's terms and conditions is under review.

Independent sources at web metrics firm Netcraft confirmed that the BNP's website has recently moved hosting provider and changed configuration, moving from Apache to nginx. Its stats on the BNP's website can be found here.

So the BNP's site did experience a minor attack, but the suggestion that it was under the biggest cyberassault ever is pure hype, possibly geared towards reinforcing a siege mentality that encourages supporters to throw more money at the controversial party.

Arbor's Nazario added that a large attack on the scale claimed would get noticed more widely.

I love how the BNP is claiming this is the largest attack the internet has ever seen. Far from it. While I don't have exact numbers, the absence of alerts on too many other ISPs that serve as their upstream suggests it's not. The botnet behind the attacks isn't super massive, either.

It's either a lie or ill-informed for them to be saying it's the largest attack.

®

Bootnote

*The supposed DDoS attack against Microsoft is, incidentally, something we're unable to find any reports about. The most prominent DDoS attack around that time was Mafiaboy's assault on eBay, Amazon et al, in September 2000.
