Whaleoil stranding, day 3: Site back online; police examine DoS attack

UPDATE / Jan 30 - 11.15am: Whaleoil is about to come back online, founder Cameron Slater says [UPDATE: the site came backonline around midday].

The site's server has been moved from New Jersey-based cloud hosting provider Linode to a new, un-named webhost that is using the San Francisco-based, security-focused Cloudflare as its front-end and content delivery network.

Slater has also revealed for the first time that authorities are taking the cyber attack on his site seriously. Police requested a raw feed of the DoS attack that Whaleoil offline Tuesday morning, he says.

He says he has had no feedback from police so far on the DoS attacks, but is awaiting a phone call to go in and update his statement. He expects an update from police at that time.

Slater says Google Analytics figures give Whaleoil an average of around 100,000 page views a day from around 15,000 unique visitors.

-------------

After meeting with police, Slater preps new server for site's return

UPDATE / Jan 30 - 8am: Whaleoil is offline for a third day.

Founder Cameron Slater says a new web server is being setup

However, there is no estimated time for his site to come back online. This is no ordinary server propagation as an unidentified and apparently well-resourced cyber attacker continues to circle, and various parties involved in the relaunch proceed (or don't) with nervous caution.

He tells NBR he spent three hours with police Wednesday afternoon, outlining and filing a complaint over death threats to himself and rape threats to his daughter, delivered by text and social media.  He had previously forwarded police (and NBR) the phone number from which a threatening txt was delivered. 

NBR phoned the number; it belonged to someone who said he knew Greymouth man Judd Hall, a passenger in a fatal drink-drive car crash Friday night. A post by Mr Slater described the West Coaster as feral. The man, who did not wish to be named, said he was furious over the way Whaleoil had covered the incident. There was no apparent link with the DoS assault on Slater's website. 


Whaleoil down for second day; Dotcom tells hackers to back off

UPDATE  / Jan 29: Whaleoil offline for a second day.

The site, under siege from an unknown cyber assailant, is now using, Cloudflare - a service that tries to protect a site by absorbing a DoS attack at the edge of a network.. But that and other measures have so far proved ineffective.

"We have Cloudflare up and running and we got a new IP [internet protocol address] and they went after that too," founder Cameron Slater told NBR late Tuesday. He says he is being pitched by various web hosting companies, and is evaluating alternative options.

Slater's site was first hit Monday night, by intermittent attacks. It has been offline since around 8am Tuesday morning, overwhelmed by an ongoing denial-of-service assault that has swamped its servers with connection requests. Denial-of-service (Dos) or distributed denial-of-service (DDos) attacks employ a network of "bots" or automated software, often housed on hijacked PCs, to overwhelm a website.

Dotcom: "Nonsense"
On social media and story comments, some have speculated Kim Dotcom could be behind the DoS attacks (Slater, a frequent critic of the accused pirate, recently published a leaked document outlining strategy suggestions for Dotcom's Internet Party, and outed erstwhile Scoop editor Alistair Thompson as a party operative). 

Dotcom told NBR last night, "That's nonsense. I have nothing to do with the attack on Whaleoil. I'm for Internet Freedom, remember? That includes Whaleoil."

To his followers on Twitter, Dotcom tweeted, "Hackers, please stop attacking @Whaleoil. I really enjoy his 'Map of the day' section & shutting down websites is so 2012. #InternetFreedom."

Cheap to attack, expensive to clean up
"DDoS attacks are relatively cheap and easy to organise," says Robin Dickie, general manager of hosting company Web Drive.

Botnets, which are frequently used to conduct attacks can be rented from the murkier corners of the internet at low cost.

"The use of botnets makes tracking the parties initiating the attack very difficult, as generally they are not running the attack from their own network or equipment," the Web Drive GM says.

"On the other side, the mitigation of an attack can be very expensive, time consuming and disruptive for website owners.

The average DDoS attack requires 1 gigabit per second of bandwidth to handle, which for a website owner can mean substantial bandwidth costs, in addition to the labour and cost of mitigation, he says.

Webdrive, which hosts NBR ONLINE, uses a similar technology to Cloudflare to keep DDoS attacks at bay, Dickie says (although it has not been immune to attack; NBR was offline for an hour last July as it became collatoral damage in a site on another Web Drive client).

Attacks across the spectrum
While Whaleoil has no shortage of foes, Dickie says he's hardly alone in falling under attack.

"At Web Drive over the years, we have seen attacks on both sides of the political spectrum as well as outright extortion attempts," he says. 

ckeall@nbr.co.nz


Cyber attack takes Whaleoil offline; Slater complains to police over death threats

Jan 28: Cam Slater's Whaleoil site was offline early this afternoon after being swamped by a denial-of-service attack (which sees a malicious hacker buy space on a network of hijacked PCs to send an avalanche of connection requests that overwhelm a website's capacity).

"It's a DoS attack, originating in New Zealand," Mr Slater told NBR.

The site went down several times last night under DoS attack, then was taken offline completely at around 8am this morning.

The controversial blogger has no shortage of enemies. He named a couple of people covered by recent Whaleoil stories whom he thought could be responsible for today's attack - but you'll have to wait until his site goes back online to read those (so far) unsubstantiated allegations.

"I have also been getting death threats via text and on Facebook," Mr Slater told NBR. 

The cellphone and Facebook threats do not seem to be related to the DoS attack; it's just a particularly bad day at the Whaleoil office.

"I have notified police, especially [over] the text messages," Mr Slater said.

He had the number of one of the text message senders, which he was forwarding to the police. NBR phoned the number; it belonged to someone who said he knew Greymouth man Judd Hall, who was killed in car crash Friday night. A post by Mr Slater described the West Coater as feral. The man, who did not wish to be named, said he was furious over the way Whaleoil had covered the incident.

"There's a town full of people bloodthirsty for that c***," he told NBR, before saying he did not want to answer any more questions and hanging up.

The blogger has posted two of the texts to his Facebook page (warning: language).

Mr Slater said he was working with Whaleoil's web host, Linode, to get the site back online.

"We're implementing some DoS protection and had to update the DNS [domain name server], but those changes are flowing through now."

ckeall@nbr.co.nz

50
Login in or Register to view & post comments