CNN Attack Summary

Both Saturday and Sunday mornings my wife woke up, grabbed a quick bite to eat, and came back upstairs (I was sleeping in) to report, “CNN’s site seems fine.” She was right, of course, the site didn’t go offline.

The attacks were planned, it seems, to coincide with actual, real world demonstrations. Stratfor, a commercial geopolitical intelligence service I’ve been reading for many, many years, reported this in my inbox on Sunday:

Chinese protesters demonstrated for a second day April 21 against CNN and French retailer Carrefour, chanting and holding signs that read “Oppose Tibet independence,” “oppose CNN’s anti-China statements” and “Boycott Carrefour,” and demanding apologies from the companies for allegedly anti-China policies, Agence France-Presse reported. The rallies, in the Chinese cities of Xian, Harbin and Jinan, took place despite a significant police presence.

This same weekend, just before the attacks were to begin, they were delayed and eventually the online group allegedly behind the planned attacks disbanded. It’s unclear if CNN would have been taken offline had the attacks taken place, but the threat is always there.

Even after the attacks were called off, we saw evidence of some DDoS attacks, and CNN has confirmed it. Maybe not everyone got the message, or maybe someone just felt like grinding an axe. The attacks didn’t seem to disrupt their service much, and the network operators around CNN seemed to handle the attacks quite well. Most of the attacks were TCP SYN floods (still popular after all these years), targeting three different CNN websites. Attack intensity was pretty small on average, with the peak attack intensity still a modest (by global attack standards) 100 Mbps. Here’s a breakdown of the attacks as we saw them over the weekend.

Attack bandwidth peak: 100 Mbps, average: 20 Mbps
Attack duration peak: 30 minutes, average: under 15 minutes
Attack targets www2.cnn.com, www3.cnn.com, edition.cnn.com

Attacks by type
Attacks against CNN by type over the weekend

This sort of geopolitically motivated attack appears to be on the rise around the world, with China possibly now a hotbed of this sort of activity. We’ll keep on looking at these attacks and similar attacks around the world, they’re usually quite interesting to study.

2 Responses to “CNN Attack Summary”

April 22, 2008 at 7:43 pm, Benny K said:

FYI

Apparently, CNN.com DID had some small downtime according to Netcraft.

http://news.netcraft.com/archives/2008/04/22/cnn_site_bears_the_brunt_of_chinese_attackers.html
http://uptime.netcraft.com/up/performance?product=blog&site=www.cnn.com

Thank you for the information and insights so far !!!

April 23, 2008 at 12:15 am, Nik said:

http://sports.si.cnn.com/ was hacked by Chinese hackers on Monday. They were down for over a day.

For a summary see: http://shanghaiist.com/2008/04/21/chinese_hackers.php

Some argue that this is not a CNN site, however, it’s under cnn.com domain.

See also http://www.hackcnn.com (Chinese only)

Also, Chinese Carrefour web site might have been hacked. http://www.carrefour.com.cn/ No reports, but it is conspicuously under maintenance for two days.

Carrefour is the target because the Olympic torch was attacked in Paris [more viciously than elsewhere], and Carrefour is the largest foreign chain of supermarkets in China, where millions shop.

CNN is a target because their commentator called the Chinese “goons and thugs.” Also, because CNN manipulated photos of Tibetan protests (see http://www.anti-cnn.com/ )

Comments are closed.