Posted on Monday, April 21st, 2008 | Bookmark on del.icio.us

CNN Attack Summary

by Jose Nazario

Both Saturday and Sunday mornings my wife woke up, grabbed a quick bite to eat, and came back upstairs (I was sleeping in) to report, “CNN’s site seems fine.” She was right, of course, the site didn’t go offline.

The attacks were planned, it seems, to coincide with actual, real world demonstrations. Stratfor, a commercial geopolitical intelligence service I’ve been reading for many, many years, reported this in my inbox on Sunday:

Chinese protesters demonstrated for a second day April 21 against CNN and French retailer Carrefour, chanting and holding signs that read “Oppose Tibet independence,” “oppose CNN’s anti-China statements” and “Boycott Carrefour,” and demanding apologies from the companies for allegedly anti-China policies, Agence France-Presse reported. The rallies, in the Chinese cities of Xian, Harbin and Jinan, took place despite a significant police presence.

This same weekend, just before the attacks were to begin, they were delayed and eventually the online group allegedly behind the planned attacks disbanded. It’s unclear if CNN would have been taken offline had the attacks taken place, but the threat is always there.

Even after the attacks were called off, we saw evidence of some DDoS attacks, and CNN has confirmed it. Maybe not everyone got the message, or maybe someone just felt like grinding an axe. The attacks didn’t seem to disrupt their service much, and the network operators around CNN seemed to handle the attacks quite well. Most of the attacks were TCP SYN floods (still popular after all these years), targeting three different CNN websites. Attack intensity was pretty small on average, with the peak attack intensity still a modest (by global attack standards) 100 Mbps. Here’s a breakdown of the attacks as we saw them over the weekend.

Attack bandwidth peak: 100 Mbps, average: 20 Mbps
Attack duration peak: 30 minutes, average: under 15 minutes
Attack targets www2.cnn.com, www3.cnn.com, edition.cnn.com

Attacks by type
Attacks against CNN by type over the weekend

This sort of geopolitically motivated attack appears to be on the rise around the world, with China possibly now a hotbed of this sort of activity. We’ll keep on looking at these attacks and similar attacks around the world, they’re usually quite interesting to study.

This entry was posted on Monday, April 21st, 2008 at 9:55 am and is filed under ATLAS, Attacks, Botnets. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses | Add your own



Comment Post by: Benny K — April 22nd, 2008 @ 7:43 pm EST  Reply

FYI

Apparently, CNN.com DID had some small downtime according to Netcraft.

http://news.netcraft.com/archives/2008/04/22/cnn_site_bears_the_brunt_of_chinese_attackers.html
http://uptime.netcraft.com/up/performance?product=blog&site=www.cnn.com

Thank you for the information and insights so far !!!

Comment Post by: Nik — April 23rd, 2008 @ 12:15 am EST  Reply

http://sports.si.cnn.com/ was hacked by Chinese hackers on Monday. They were down for over a day.

For a summary see: http://shanghaiist.com/2008/04/21/chinese_hackers.php

Some argue that this is not a CNN site, however, it’s under cnn.com domain.

See also http://www.hackcnn.com (Chinese only)

Also, Chinese Carrefour web site might have been hacked. http://www.carrefour.com.cn/ No reports, but it is conspicuously under maintenance for two days.

Carrefour is the target because the Olympic torch was attacked in Paris [more viciously than elsewhere], and Carrefour is the largest foreign chain of supermarkets in China, where millions shop.

CNN is a target because their commentator called the Chinese “goons and thugs.” Also, because CNN manipulated photos of Tibetan protests (see http://www.anti-cnn.com/ )

Leave a Comment