Yesterday the NewsVoice server was brought to its knees. A botnet in the USA attacked NewsVoice from 192,000 IP numbers, now all blocked. Concurrently the (news medium) Nya Dagbladet appears to have been shut down in a similar fashion. Coincidentally it happened when both news media published articles about widespread election fraud in the parliament elections.
By Torbjörn Sassersson, editor and founder of NewsVoice, an independent news and debate medium | Read this article in Swedish | Montage: NewsVoice. Photo: Gerd Altmann. Licens: CC0
NewsVoice has been attacked previously but the webhost Loopia stayed silent about how these attacks happened. We then wrote about “hacker attacks” but it was likely botnets even then. Now when NewsVoice has its own VPS-server and has entered in cooperation with a skilled IT technician it became obvious what happened this time.
Botnet in USA Retained
The technician describes how a botnet in USA attacked NewsVoice with an overload attack culminating on September 9, 10. It took place from thousands of infected and net-connected electronic apps (IoT equipment), everything from computers and cameras to printers. This is how botnets function. All equipment connected to the Internet can be sneak-prepared ahead via infection of scripts archived later.
“A botnet is a computer network of computers infected with data virus or Trojan Horses. Bot is derived from Robot. These computers connect to a centrally operated node where they are instructed to execute, f ex — DDoS attacks against connection points on the Internet. A botnet can exist of thousands of computers, often called zombies, distributed all over the world and with owners who don’t know that their computers are infected.” – Wikipedia
What is IoT?
“The Internet of Things [IoT] are everyday items like household appliances, clothing and accessories, but even machinery, vehicles and buildings, with built-in electronics and Internet connections which allow them to be directed to exchange data over the Net.” – Wikipedia
Attacks from 192,000 IP Numbers
The technician (who remains anonymous for now) blocked the 192,000 separate IP numbers from as many apparatuses and could measure up to 150,000 accesses per hour to certain selected files in the NewsVoice database compared with approx. 1000 accesses for a whole normal day.
He writes:
“Yes, it a pure overload attack, where they target files that take a little longer to respond, take that times 150,000 so the server gets tired.”
“…usually a pattern can be seen, that they f ex attack a special file or the like, but they are everywhere, on a bunch of things, plugins you don’t even have. They search with all the weapons they have.”
In the graph below, it is shown how the botnet attack swallowed 99-100% of the server capacity hour after hour except during the night of Sept 10 between 02:00 and 08:00 when the load dropped substantially until it rose again around 08:00 to maximum, just in time for the readers’ morning visit to NewsVoice.se. Even until 22:00 o’clock last night (Sept 10) was the load at 100%. Later in the evening most of the attacks were stopped by IP filtering and other means.
All these attacks came from the USA stated the technician. From other countries the traffic was normal. Attacks continue still today on September 11.
The Purpose of the Botnet Attack
The technician describes the purpose of the attack in these words:
“Often niches are attacked, I.e. several sites that have published something critical about something they don’t want to exist, or it’s pure shenanigans.”
A bot network can be retained through the right contacts and it usually costs approx. 5,000 Swedish Crowns per day [US$ 560] to keep a constant attack running. Since NewsVoice has noted the attack continuing over several days longer than two but culminating on Sept 9-10, it gets quite costly for the interested party who bought the service on the dark Internet market.
Björn Palmertz who is a senior analyst at the Defense Highschool in Stockholm says in an interview for SVT [Swedish “State” Television]:
“We are aware that bot networks are available to rent on the black market. It can involve accounts that work 24/7…”
SVT asks why bots are used to influence opinions. Palmertz replies:
“When it comes to influence it can in some instances be necessary to make it difficult to figure out who is behind something. Also, to want to appear as someone one is not.”
By Torbjörn Sassersson, editor NewsVoice