FBI to Investigate China-Based DDoS Attacks Against Change.org
Federal authorities are investigating the continuous distributed denial-of-service attacks that have crippled Change.org for the past week.
The Federal Bureau of Investigation's Cyber Squad will be investigating the DDoS attacks that brought down the Change.org servers for more than 12 hours on April 18, Change.org said on April 27. The grassroots petition Website has been hit by off-and-on attacks over the past 10 days.
"Change.org is currently experiencing intermittent downtime due to a denial of service attack from China on our Website," the company said on its Website.
While the company did "not know the reason or the exact source of these attacks," Ben Rattray, the founder of the site, blamed the attacks on hackers based in China, in retaliation for Change.org hosting a "Human Rights Petition" calling for the release of Ai Weiwei, a prominent Chinese artist. An outspoken critic, Ai Weiwei was detained by the Chinese authorities on April 3. More than 126,000 people have signed the petition as of April 28.
"It's pretty clear the attack is in response to the campaign," Rattray said.
An internal investigation traced the IP addresses related to the April 18 attack to computers located in Beijing and Hebei using China Unicom as the Internet service provider, according to Rattray. The number of computers being used in the attack is also increasing.
Attackers launch DDoS attacks using hundreds or thousands of hacked computers, often as part of a botnet, to send traffic to a Website, overwhelming it with data so it becomes inaccessible to anyone.
Anyone can post an online petition on Change.org for free in support of practically any cause and encourage other people to sign. The site lists 12 categories of causes, including animal rights, health issues and environment.
"We won't stop or take down anything because of this DDoS attack," Rattray said. "We believe in the fundamental right of the people to organize around issues they care about it."
Companies generally rely on a geographically disparate network and a big bandwidth pipe to withstand large DDoS attacks, Jason Hoffman, co-founder and chief scientist at cloud provider Joyent, told eWEEK. Many hosting services claim to have anti-DDOS capabilities, which usually mean being able increase the amount of bandwidth it can handle to absorb the attacks. The service provider or the upstream Internet service provider may also just block IP addresses or certain types of packets to mitigate the attack, according to Hoffman.
Change.org also contacted the U.S. State Department's Bureau of East Asian Pacific Affairs for assistance "within hours of the attack," Rattray said. Change.org is currently blocked in China because of its politically sensitive content.
Rep. Rosa DeLauro of Connecticut wrote a letter to Secretary of State Hillary Rodham Clinton to denounce the attacks and urge Chinese authorities to find and prosecute the hackers. House Minority Leader Rep. Nancy Pelosi of San Francisco added her support. "I join @rosadelauro in denouncing attacks from China on @change because of activism to free Ai Weiwei," Pelosi posted on Twitter.
If the attackers are really from China, Change.org is in good company. Blog publishing platform WordPress.com also reported being hit with a DDoS attack originating from China last month. The WordPress attack was not politically motivated, Automattic said at the time.
The Chinese government has repeatedly denied being part of any cyber-attacks, noting that attackers have targeted government servers in the past. Dillon Beresford, a security researcher at NSS Labs has recently publicized numerous serious vulnerabilities in government-owned e-mail servers, network issues and government databases that would allow attackers to steal sensitive information and login credentials. A recent report released by the Anti-Phishing Working Group found that attackers were "aggressively" targeting Chinese organizations.
It's possible that attackers are not based in China at all and are just covering their tracks using compromised computers.