The Day DDoS Brought Down Six Apart

17 Comments

_By Jackson West_

At around four o’clock on Tuesday afternoon, Six Apart and their properties Typepad, Typekey and LiveJournal all went dark after a Distributed Denial of Service (DDoS) attack that spokesperson Jane Anderson described as “very sophisticated.” ZDNet suspected that it was a DNS level attack. Q Daily News suggests that the problem arose when a Six Apart customer, Blue Security, rerouted an attack from their own domain to their TypePad-hosted blog. The problem persisted until at least midnight, and was officially resolved by noon on Wednesday.

“We’re not going into details. But obviously it was a criminal act,” said Anderson. “We’ve spoken to law enforcement as a result.” The Six Apart legal team has notified the FBI in the case, and Six Apart is apparently continuing to investigate the problem on their own — presumably to help defend itself against future attacks, as well as provide necessary details to the authorities. Of course, Blue Security themselves have come under fire for their anti-spam technology, which some say amounts to issuing DDoS attacks in retaliation against spammers.

Here is a blow-by-blow of the events of the past week, with BlueSecurity implicating a company called PharmaMaster.


The spammers apparently contacted BlueSecurity via ICQ with threatening messages, and may have even figured out how to specifically target BlueSecurity users for further harrassment. According to WSJ columnist and blogger Jeremy Wagstaff, BlueSecurity’s Eran Rashef is on the record as saying that he didn’t anticipate that the spammer would launch a DDoS attack on such a large player. “I didn’t think he was so crazy as to attack [Six Apart].”

Of course, no one wants to get caught in the middle when Russian spammers and Israeli security companies fight. When asked about the mood at Six Apart’s offices on the day of the attack, Anderson said that they took the attack “very seriously, as one can imagine,” working around the clock to solve the issue and restore service. When asked about the response from users, Anderson gushed, “Our users are just fabulous.” In her years working in the tech industry, “I’ve never encountered such enthusiastic users.”

17 Comments

John

Just to set the record straight. Blue sec didn’t divert the attack on to six apart. The attack on six apart came a full 40 minutes after the website was relocated.

It was a new and seperate attack and not part of the original attack.

Chintan Patel

Om, an offtopic query. Since when did Google start delivering flash/gif ads ! your website has “Ads by Google” but it shows some flashy things underneath ;)

Jackson West

Save for friends who work for SixApart, I have no stake in this. Does it feel like mob behavior? Hell yeah. And I treat spam like the high-pitched banter of salesmen in the souk — an extension of the salesman’s dominion. Still, it all amounts to noise pollution…

The point is getting caught in a scrape by being an unintentional witness. Bystander, a la SixApart, if you will.

billg

Arv, the general news media very likely didn’t publish URL’s and IP addresses because they believe a general audience wouldn’t find that useful. The specialist media, though, is another issue.

Arv

I just signed up with Blue Frog. The past few days have convinced me that they have the right tool for the job.

The news media has published a lot of info about Blue Security, but no name, no IP address, no URL’s for the “Russian Spammer”. Why is that? Are they trying to protect him from the rest of us? Or is the news media afraid that he might attack the their systems?

The Internet has public value only as long as it remains cost effective, efficient, and is not contributing to illegal, imoral, un-ethical, or offensive activity. Unwanted spam messages clearly are in the latter two categories, and indirectly undermine the efficiency and effectiveness of this data transport facility.
.

JLamb

(quote From http://spamkings.oreilly.com/archives/2006/01/underattackspammerbegsfor_1.html)

Under attack, spammer begs for mercy

A follow up to my recent post about a controversial campaign to pollute a mortgage spammer’s sites with bogus orders:Darren Brothers reports that Alex Polyakov, the target of his Kick a Spammer in the Nuts Daily retaliatory campaign, has cried uncle.

Brothers says he got a call early this morning from Polyakov. On the tape, an excited Polyakov complains that Brothers’ “Refi Retaliator” program is “killing my business.”

“How much money do I have to pay you? Surely we can work out something together!” says Polyakov.

JLamb

During the whole time with Blue Frog, they’ve only submitted single opt-out requests for each spam sent to them. That was what anyone with half a brain would consider reasonable. All the spammers had to do was to honor the opt out requests. But since you scumbag spammers have attacked Blue Frog and it’s users, we’ll just have to start using your spam with tools to submit hundreds of faked forms into the websites selling the crap that you are trying to force upon us. If choose to make war against ordinary people simply wanting to protect their Inboxes from your obscene garbage, then you’ll find you’ve taken on more than you bargained for. Your greed and stupidity will only cause retaliation. See how long your clients will want to keep paying you when their sites go down one after the other.

Moshe Maeir

I would highly suggest to Eran and Co. to get bodyguards…
This ain’t funny – it is big money

Sid

This article is incorrect and its focus is misguided. Blue Security isn’t doing anything wrong here.

Six Apart was brought down by a major low-life spammer. Methinks your displeasure is misguided.

Eliyak

I’d say that spam amounts to a DDoS attack on my inbox.

I just signed up with Blue Frog.

erik

This sounds to me like rival gangs “protecting their members”. Whats next? Drive-byes in Silicon Valley?

Bad Frogger

OH how sweet it is,
It’s just as simple as strength in numbers.
Join Blue Security people.
YOU CAN REALLY MAKE A DIFFERENCE.

Note to: “PharmaMaster” oops your
ignorance is showing.
PS- Suck it! From a large and growing
group of responsible netizens.
BWAA HAA HAA

GO! FROGS! GO!

colin1497

The amazing thing is, Bluefrog just got a HUGE publicity bump. There’s no such thing as bad publicity. I had blown off the frog as not likely to work until I saw this. Now I’m thinking, “looks like it’s bothering them, I should get on board.” This thing’s going to pick up serious momentum now.

johnnyt

Yes, it is very unfortunate that Six Apart felt the effects of this war. But your focus is completely misguided. Blue was not attacking Six Apart. The cyber CRIMINAL PharmaMaster and his trojaned bot army was. How about writing about PharmaMaster and how many laws he’s broken? The mere fact this CRIMINAL is attacking Blue so viciously implies that Blue is having a significant impact on spammers. And by the way, Blue’s methodolgy is NOT a DDoS retalitory attack on spam sites. They send ONE opt-out request for each one received by a Blue Member. That’s more than fair, and hey, if they can’t seem to handle thousands of these simultaneous opt-out requests from Blue members, too bad so sad. For me, I’m still running Blue Frog.

Delgado

Many of the people attacking Blue Security for what they describe as “DDoS attacks against spammers” are spammers themselves – hence their discomfort. Blue Security gives spammers more than adequate opportunity to avoid action against them. All they need do is remove Blue Security members from their lists and stop spamming them. If they refuse to comply they can count on several hundred thousands of LEGITIMATE complaints from members who have been spammed. It may happen in the course of these legitimate complaints some spam sponsor sites find they have difficulty in coping and/or lose business. The answer is a bit of a no-brainer (stop spamming Blue Security members), but since this term is often characteristic of spammers, on occasion they fail to comply and then take the consequences. Too bad. If you don’t mass complaints, get out of our mailboxes. It’s that simple.

And now a message for “PharmaMaster”, the “mastermind” (irony intended) behind the attacks on Blue Security:
That sound you hear is nearly half a million Blue Security members marching on you. Are you one of the biggest cretins on the planet? The reason I ask is that it would have occurred to anyone with an I.Q. above fifty that sooner or later the spam joyride would be over. Anyone with half a mind would cash in his chips and move into some other sleazy operation. Not you, stupid boy. Instead of taking the money and running, you now have every searchlight on the planet sweeping the sky for you, and all because you’re too much of a retard to face reality. We’re coming for you and we won’t stop. You have the techno tricks, but we have the numbers. We will keep going and keep growing until we hunt down and stamp out all the stinking spamming vermin like you. We don’t care who you are; we don’t care what you say; we don’t care what you think; we snap our fingers at your empty threats; we are taking back our mailboxes and we will prevail. Take your thumb out of your mouth and deal with it boy.

Zoli Erdos

Right after 6Apart they also brought down Tucows, all their domains, including blogs on their Blogware platform.

Comments are closed.