NewsVoice Attacked by a Botnet in the U.S.

Torbjorn Sassersson is the founder of NewsVoice.se a news and debate channel that started in 2011. Sassersson (bachelor of science) has worked within media since 1995.
publicerad 11 september 2018
- T. Sassersson
Montage NewsVoice. Foto Gerd Altmann. Licens: CC0, Pixabay.com

Yesterday the NewsVoice server was brought to its knees. A botnet in the USA attacked NewsVoice from 192,000 IP numbers, now all blocked. Concurrently the (news medium) Nya Dagbladet appears to have been shut down in a similar fashion. Coincidentally it happened when both news media published articles about widespread election fraud in the parliament elections.

By Torbjörn Sassersson, editor and founder of NewsVoice, an independent news and debate medium | Read this article in Swedish | Montage: NewsVoice. Photo: Gerd Altmann. Licens: CC0

NewsVoice has been attacked previously but the webhost Loopia stayed silent about how these attacks happened. We then wrote about ”hacker attacks” but it was likely botnets even then. Now when NewsVoice has its own VPS-server and has entered in cooperation with a skilled IT technician it became obvious what happened this time.

Botnet in USA Retained

The technician describes how a botnet in USA attacked NewsVoice with an overload attack culminating on September 9, 10. It took place from thousands of infected and net-connected electronic apps (IoT equipment), everything from computers and cameras to printers. This is how botnets function. All equipment connected to the Internet can be sneak-prepared ahead via infection of scripts archived later.

”A botnet is a computer network of computers infected with data virus or Trojan Horses. Bot is derived from Robot. These computers connect to a centrally operated node where they are instructed to execute, f ex — DDoS attacks against connection points on the Internet. A botnet can exist of thousands of computers, often called zombies, distributed all over the world and with owners who don’t know that their computers are infected.” – Wikipedia

What is IoT?

”The Internet of Things [IoT] are everyday items like household appliances, clothing and accessories, but even machinery, vehicles and buildings, with built-in electronics and Internet connections which allow them to be directed to exchange data over the Net.” – Wikipedia

Attacks from 192,000 IP Numbers

The technician (who remains anonymous for now) blocked the 192,000 separate IP numbers from as many apparatuses and could measure up to 150,000 accesses per hour to certain selected files in the NewsVoice database compared with approx. 1000 accesses for a whole normal day.

He writes:

“Yes, it a pure overload attack, where they target files that take a little longer to respond, take that times 150,000 so the server gets tired.”

”…usually a pattern can be seen, that they f ex attack a special file or the like, but they are everywhere, on a bunch of things, plugins you don’t even have. They search with all the weapons they have.”

In the graph below, it is shown how the botnet attack swallowed 99-100% of the server capacity hour after hour except during the night of Sept 10 between 02:00 and 08:00 when the load dropped substantially until it rose again around 08:00 to maximum, just in time for the readers’ morning visit to NewsVoice.se. Even until 22:00 o’clock last night (Sept 10) was the load at 100%. Later in the evening most of the attacks were stopped by IP filtering and other means.

Belastningsattack mot NewsVoice 10 sep 2018
Overloading attack against NewsVoice Sep 10 2018

All these attacks came from the USA stated the technician. From other countries the traffic was normal. Attacks continue still today on September 11.

The Purpose of the Botnet Attack

The technician describes the purpose of the attack in these words:

“Often niches are attacked, I.e. several sites that have published something critical about something they don’t want to exist, or it’s pure shenanigans.”

A bot network can be retained through the right contacts and it usually costs approx. 5,000 Swedish Crowns per day [US$ 560] to keep a constant attack running. Since NewsVoice has noted the attack continuing over several days longer than two but culminating on Sept 9-10, it gets quite costly for the interested party who bought the service on the dark Internet market.

Björn Palmertz who is a senior analyst at the Defense Highschool in Stockholm says in an interview for SVT [Swedish ”State” Television]:

Bjorn Palmertz - Press photo: Fhs.se
Bjorn Palmertz – Press photo: Fhs.se

“We are aware that bot networks are available to rent on the black market. It can involve accounts that work 24/7…”

SVT asks why bots are used to influence opinions. Palmertz replies:

“When it comes to influence it can in some instances be necessary to make it difficult to figure out who is behind something. Also, to want to appear as someone one is not.”

By Torbjörn Sassersson, editor NewsVoice


Du kan stötta Newsvoice via MediaLinq