DoSWatch = Aggregated stories about the use of denial of service attacks and hacking as a form of censorship.

If you hear about such an event, or if you've been censored in this way, please email or use @DoSWatch on Twitter.

This is not a news site. Our goal is to collect and quickly summarize, not research and fact-check. Many details of these reports rely on translated pages, speculation, and/or anecdote, so should be treated as such. Link quality will vary.


Wednesday, May 12, 2010

Blue Security - May 2006


DATE:
2006-05

AFFECTED COUNTRIES:
Israel, USA

AFFECTED SITES:
bluesecurity.com (primary target), typepad.com, livejournal.com, sixapart.com, and tucows.com-related sites

EFFECT OF ATTACKS:
Six Apart et al. unreachable for at least 8 hours; Tucows services unreachable for 12 hours; BlueSecurity.com unreachable for an extended period, then shut down its website permanently.

SOURCE COUNTRY:
n/a

ALLEGED ATTACKERS:
"PharmaMaster", which Spamhaus links to Christopher J. Brown / Swank AKA Dollar, Joshua Burch / zMACK of Interactive Adult Solutions / BulkEmailSchool.com, Leo Kuvayev / BadCow, and Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov -- all spammers, etc.

TYPE OF ATTACK:
DDoS

ATTACK SPECIFICS:
2Gb-10Gb/second

EVENT DESCRIPTION:
The company that created Blue Frog, a service enabling users to opt out of spam by effectively spamming the spammers, was attacked, and its users were more heavily spammed with, among other things, accusations that they were using an illegal service and thus were criminals. The owner received an ICQ message from PharmaMaster notifying him that a high-level ISP would start blocking the site, which then happened. It was at that point that the DDoS started. When the site redirected traffic to its blog in order to get around the backbone filtering, the blog host, Six Apart, along with its sites LiveJournal and TypePad, crashed as well. Once Six Apart successfully defended itself, the attack reoriented towards BlueSecurity's host, Tucows, which eventually had to remove BlueSecurity's DNS records from its server without even providing notification, in contrast to Six Apart, which never took the blog down. The final step was to take BlueSecurity's paying customer data (clients that pay the company to protect their servers) and subject those customers to large attacks themselves. When the attack stopped and BlueSecurity got a message from the hacker that more would come, it decided to close up shop given the collateral damage.

URLS:
1. http://www.securityfocus.com/news/11392
2. http://www.securityfocus.com/brief/203
3. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK551
4. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6643
5. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
6. http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6138

