Weekend of Olympic flame and CNN attacks
April 21st, 2008
By Supranamaya Ranjan
Throughout this weekend, CNN’s website was under threat of a DDoS attack purportedly being planned by a group called Revenge of the Flame (source: DarkVisitor blog). Fortunately, there were no large-scale attacks and CNN.com was very much up and running. The weekend plot involved dramatic twists and turns that Hitchcock would have been proud of. First, the hacker group postponed the attack since the news had leaked far and wide. Later, for reasons unbeknownst to us, the group called off the attack completely and even disbanded.
Despite the group’s calls to halt the attack, relatively smaller-scale attacks did happen over the weekend. Maybe the calls to stop didn’t propagate to the participants as far and wide. Multiple CNN sites (www.cnn.com, www4.cnn.com, edition.cnn.com) were the targets of these attacks. NarusInsight Secure Suite (NSS) reported 2 different kinds of attacks going towards CNN: ICMP flood attacks and TCP SYN flood attacks. Interestingly, the attacks had very similar signatures (e.g. an instance of a SYN flood involved the attacker distributing his packets across multiple source ports while sending exactly the same number of packets per source port). This can be expected given that the hacker group had made it easy for the novice, who could download a script to launch the attack.
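The per-source-port signature described above lends itself to a simple detection check. The following Python is an added example, not NSS code and not taken from the attack script; the thresholds, function names, tuple layout and sample traffic are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical thresholds, not values from the post or from NSS.
MIN_PORTS = 8          # source ports a sender must spread across
MIN_PER_PORT = 5       # SYNs per port before an identical count is meaningful


def uniform_syn_sources(packets, min_ports=MIN_PORTS, min_per_port=MIN_PER_PORT):
    """Return {src_ip: (ports, syns_per_port)} for scripted-looking senders.

    packets: iterable of (src_ip, src_port, dst_ip, tcp_flags) tuples, where
    tcp_flags is a string such as "S", "SA" or "A" (assumed record layout).
    """
    per_port = defaultdict(Counter)
    for src_ip, src_port, _dst_ip, flags in packets:
        if flags == "S":                      # bare SYN only, ignore SYN-ACK/ACK
            per_port[src_ip][src_port] += 1

    flagged = {}
    for src_ip, counts in per_port.items():
        distinct = set(counts.values())
        # Signature: many source ports, every one with the identical SYN count.
        if len(counts) >= min_ports and len(distinct) == 1:
            n = distinct.pop()
            if n >= min_per_port:             # 1 SYN per port is normal client behaviour
                flagged[src_ip] = (len(counts), n)
    return flagged


def build_sample():
    """Constructed sample traffic (documentation addresses, not real data)."""
    target = "198.51.100.10"
    pkts = []
    # Scripted sender: 16 source ports, exactly 20 SYNs from each.
    for port in range(40000, 40016):
        pkts += [("203.0.113.7", port, target, "S")] * 20
    # Ordinary client: one SYN per ephemeral port, followed by an ACK.
    for port in range(51000, 51012):
        pkts += [("192.0.2.44", port, target, "S"), ("192.0.2.44", port, target, "A")]
    # Retransmitting client: uneven SYN counts across ports.
    for i, port in enumerate(range(33000, 33010)):
        pkts += [("192.0.2.99", port, target, "S")] * (1 + i % 3)
    return pkts


if __name__ == "__main__":
    for ip, (ports, n) in uniform_syn_sources(build_sample()).items():
        print(f"{ip}: {ports} source ports x {n} SYNs each")
```

The per-port minimum matters: a normal client also sends an identical count (one SYN) from each ephemeral port, so uniformity alone is not enough to flag a sender.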
The highest-bandwidth attack seen by NSS was an 80 Mbps SYN flood attack, while the others were much less than that. Regardless, the attacks were never big enough to bring down CNN, and much to our joy we could continue reading about the Pennsylvania primary, the Olympic torch being relayed around the world and all the other stuff that gets us up in the morning.