Over the weekend you might have noticed that SOFREP was loading slowly on your computers and phones. This is because we were experiencing a denial-of-service (DoS) attack.

A DoS attack is one in which an attacker floods the server handling a site's web traffic with requests, with the intent of denying access to legitimate users. If you can imagine a website as a building with many entrance doors, a DoS attack blocks all the entrances so that no one, like our readers, can get in. The goal is to exhaust the server's capacity (or crash it outright) so that no one can reach the site. Since these attacks tend to be directed at high-end media, commerce, banking, and government agencies, we are kinda flattered by the attention. This is the first time we have been under this kind of attack.

We noticed a sudden spike in traffic over the weekend all coming from a server located in France. Since most of our traffic originates in the U.S. this sent us to General Quarters, and all guns were manned and ready within a couple of minutes.

Without going into the technical details, defeating it was simply a matter of blocking the IP address the traffic was coming from and then watching to see whether the attack would resume from another source. Whoever was behind this was probably surprised by how quickly we were able to counter it. They gave up rather quickly on that tactic, which also reflects the relatively low level of sophistication behind the attack.

They also attempted to sign up as a member in order to get internal access to the site. That was quickly caught, as well, and defeated.

We expect to be attacked again at some point, since this is a business model for some criminals, and even for governments like China, Russia, and North Korea, which actively sponsor criminals who gain access to websites and then hold them for ransom.

This attack may have been a probe to test our defenses. The next attack on the perimeter will probably be in the form of a distributed denial-of-service (DDoS) attack. A DDoS attack hits a website from many systems at once, working in coordination, so there is no single source address to block. The general idea is that it is more difficult to defend against attacks from several directions at once. These attacks take more coordination and resources to pull off than a single-source flood, and for the same reason they are harder for the attacker to sustain over time.
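The two situations described above, a flood from one address that can simply be blocked and a distributed flood that cannot, are easy to tell apart in the access log. The following is an added example, not SOFREP's own tooling: it buckets constructed Apache/nginx-style "combined" log lines into one-minute windows, flags a window as "single-source" when one IP dominates the traffic (and emits a firewall rule for it), and flags it as "distributed" when the aggregate rate is high but no single address stands out. The thresholds, the sample addresses (documentation ranges), and the iptables rule format are assumptions for illustration.

```python
"""Added example: tell a single-source flood from a distributed one in web access logs."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; only the source IP and timestamp are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, datetime) for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def bucket(lines, window_seconds=60):
    """Count requests per source IP inside fixed time windows (default one minute)."""
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on garbage input
        ip, ts = parsed
        windows[int(ts.timestamp()) // window_seconds][ip] += 1
    return windows


def classify(counter, per_ip_limit=100, total_limit=500, dominant_share=0.8):
    """Classify one window. Thresholds are assumptions; tune them to your baseline."""
    total = sum(counter.values())
    if total == 0:
        return "quiet", []
    top_ip, top_n = counter.most_common(1)[0]
    # One address sends most of the traffic: blocking it ends the attack.
    if top_n >= per_ip_limit and top_n / total >= dominant_share:
        return "single-source", [top_ip]
    # Aggregate volume is abnormal but no single address dominates: a per-IP block
    # will not help; this needs rate limiting or upstream filtering.
    if total >= total_limit:
        return "distributed", []
    return "normal", []


def block_rules(ips):
    """Render a firewall rule per offending address (iptables syntax assumed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def analyze(lines):
    """Return [(verdict, rules), ...] in time order, one entry per window."""
    return [
        (verdict, block_rules(ips))
        for _, counter in sorted(bucket(lines).items())
        for verdict, ips in [classify(counter)]
    ]


def make_sample_log():
    """Constructed log lines (not real traffic) covering the three cases."""
    def entry(ip, hhmmss):
        return (f'{ip} - - [10/Oct/2021:{hhmmss} +0000] '
                f'"GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    lines = []
    # 10:00 window: 150 requests from one host plus 10 legitimate ones
    lines += [entry("203.0.113.7", f"10:00:{i % 60:02d}") for i in range(150)]
    lines += [entry(f"198.51.100.{i + 1}", f"10:00:{i:02d}") for i in range(10)]
    # 10:05 window: 600 requests spread evenly over 60 hosts (10 each)
    lines += [entry(f"192.0.2.{i % 60 + 1}", f"10:05:{i % 60:02d}") for i in range(600)]
    # 10:10 window: a handful of ordinary requests
    lines += [entry(f"198.51.100.{i + 1}", f"10:10:{i:02d}") for i in range(5)]
    return lines


if __name__ == "__main__":
    for verdict, rules in analyze(make_sample_log()):
        print(verdict, rules)
```

The per-IP rule only fires when one address both exceeds an absolute count and carries most of the window's traffic; the second condition keeps a busy legitimate proxy or crawler from being blocked just for being the top talker during a real DDoS, where the "distributed" verdict tells you that blocking individual addresses is not going to work.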

They are normally used against much larger targets with a greater prospect of financial gain for the attackers. That gain comes through ransom demands for money (paid in hard-to-trace cryptocurrency) in return for ceasing the attack. In the case of the attack against us, we were able to beat it back pretty easily, so no demand was ever sent to us.

DDoS architecture (Wikimedia Commons)

Smaller websites with good defenses are probably harder to attack than really big ones, simply by virtue of having a smaller perimeter to defend: a spike from a single source stands out immediately against a modest baseline. The caveat is that a smaller site also has less capacity to absorb a large volumetric DDoS, so that advantage only goes so far.

SOFREP is also sandbagged pretty well. We have some countermeasures at our disposal, for example routing inbound traffic through upstream infrastructure with far more capacity than an attacker can fill, so that a barrage of bogus access requests is absorbed before it ever reaches our servers.

Anyway, sorry if you noticed any slowdown of the site over the weekend, but we were engaged in a small skirmish in the ongoing war between web-commerce and criminals using the internet to steal money. Since it was the first attack we have experienced, it gave us the chance to test our defenses and countermeasures. We were pleased to see that they worked very well.