2012/05/03

A mistaken assumption in DDoS

AA419 is under a DDoS attack once again. This has become a regular event, yet never fails to silently amuse the AA419 members. It is a sure sign that we have hurt criminals.

There may be many reasons to DDoS a website. A DDoS may be a protest against institutions such as we have seen in the Anonymous DDoS'es on financial institutions and like in Operation Payback. They may be politically motivated as in the case of the Georgia DDos attacks. In a bizarre twist a DDoS may also actually be silently targeting clueless DDoS'ers who allow their systems to be used for "the cause", stealing their sensitive information like passwords and banking details.

However, as for the DDoS'es against AA419:
We are hurting the business of criminals by exposing them. These DDoS'es are revenge attacks, also an attempt at shutting us down. Scammers lose money and potential victims by us exposing their scams. We are also indirectly putting the spotlight on them. We can trace individuals back as far as 2004. This information has been used by the authorities on various occasions and will most likely be used again.

However the scammer that hires a botnet to DDoS us, uses flawed logic. AA419 is not a business. We have no profit motive, in fact no income. Our website being down does not hurt us financially.  Yet while the DDoS is ongoing, we are still shutting down websites. Not having to administer forums and list scam websites frees us up to concentrate on finding and having scam websites terminated. No forum spam, no database updating ... just pure scam website termination. We have a longstanding reputation of sending reliable abuse reports to service providers.

Of course there is another rather interesting aspect to being on the receiving end of a DDoS, studying the DDoS and related infrastructure used for the DDoS. Logs are kept and silently shared with the security community, a small additional way of making the net a safer place for all. A previous post on this blog gave a small insight into these activities.

AA419 will not get tired of the consistent DDoS'es. AA419 is not a person, AA419 is a regenerating community. Some of us were around when we experienced our first DDoS, others have since pursued other causes. New eager volunteers have filled their shoes. We have nothing to lose, yet everything to gain. Time is also on our side.

So, for now we are just "killing" scam sites, but we will be back.

A parting thought just for laughs: 
We tend to find and target a certain type of site during DDoS'es for take-down, resulting in more abuse reports for those type of sites, just like those that led to the DDoS initially.

Our power is not a website, our power is our reputation.

Well, signing off for now. A few more abuse reports need sending.