DDoS gang takes down BBC websites, Donald Trump's campaign site over holiday weekend

A group of computer criminals used two separate distributed denial-of-service (DDoS) attacks to bring down all of the BBC's websites and Donald Trump's main campaign site over this past holiday weekend.

The story begins on New Year's Eve, when all BBC sites, including its iPlayer service, went dark for three hours.

Bbc down

At the time, the UK-based news organization reported that the outage was the result of a "technical issue". It later stated that a group calling themselves the "New World Hackers" had claimed credit for launching a DDoS attack against the broadcaster, as a "test of its capabilities"

New world news claims credit for the attack

Since then, one of the group's members who identified himself as "Ownz" took the opportunity to send a screenshot to ZDNet of the web interface that was used to attack the BBC.

If the screenshot is legitimate, the group allegedly employed their own tool called BangStresser to launch an attack of up to 602 Gbps - a volume of traffic that well-surpasses the largest attack on record at 334 Gbps, as documented by Arbor Networks in the middle of year.

BangStresser

Not untypically, BangStresser is itself protected from DDoS attacks by CloudFlare - one of the popular DDoS mitigation services often deployed by websites keen to protect themselves from attackers.

The attack apparently made use of two Amazon Web Services servers, but managed to skirt around the company's automated misuse detection systems as Ownz explained in an interview with ZDNet:

"We have our ways of bypassing Amazon. The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it."

Donald trumpNo other information has yet been provided about the attack. But whatever else transpired, the group was sufficiently pleased that they decided to use BangStresser to launch a DDoS against Donald Trump's official campaign website, donaldjtrump.com, just a few days later.

According to Softpedia, Trump's website went down immediately on Saturday, January 2 and remained dark for several hours until DDoS mitigation solutions were put in place.

The attacks, however, remained ongoing throughout the day against mail.trump.com domain, the Trump Organization's Webmail service.

Trump's camp has yet to officially address the incident. A statement posted on Saturday by Trump's campaign advisers (and redistributed via HackRead) attributed the downage to "an unusually high volume of traffic" only.

On Monday, Real Forums sat down with members of the group to inquire about their New Year's exploits. Here's what they had to say:

"Our reasons behind the BBC attack was just a test of our capabilities. Although, the Trump site was the target. He can be very racist. We didn't mean to cause as much damage as we did to BBC, but for Trump, Yes."

The group goes on to state that it plans to launch additional DDoS attacks against Trump and other large organizations like the BBC. The group also specifically mentions ISIS and the Ku Klux Klan as future targets.

We're not a week into 2016, and we've already witnessed DDoS attacks that have succeeded in taking down the websites of major news organizations and U.S. political candidates. It just goes to show that while malware is on the rise, DDoS attacks are not going anywhere in the New Year.

As we all get back to work, we should therefore take the time to make sure our enterprises have the necessary DDoS mitigation technologies in place.

Tags: , , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Vanja Svajcer, and Carole Theriault.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Listen now

Subscribe to the free GCHQ newsletter

, , ,

Leave a reply

3 Comments on "DDoS gang takes down BBC websites, Donald Trump's campaign site over holiday weekend"

Notify of
avatar
Sort by:   newest | oldest | most voted
coyote
Member
Poster Venti
coyote

Well if Trump's website is anything like what you hear him say (no matter which country but in this case specifically about his presidential campaign) it isn't like there is much to go by: not answering direct questions (something all politicians are great at, granted) … instead only giving vague answers and saying things like (and I'm not quoting him; to quote him would mean I would have to follow such a bigot and I have little patience for bigotry) "Trust me." or "You'll like it."; demonstrating bigotry, arrogance, etc. Then I ask:

What is the loss of message ? Typical of a politician to dismiss these things as unusually high traffic, of course. Do we need to be reminded that his website was defaced (oh and other kinds of breaches in some of his organisations over the years), too ? I guess I shouldn't have asked. But since I did – https://www.hackread.com/donald-trumps-website-hacked-jon-stewart/

… otherwise, I wonder if these are the attackers that attacked the BBC a few weeks back (maybe more than that but within past two months maybe – rough guess). It was also a DDoS attack.

Alex
Visitor
Alex

Agree with Trump's message or not, it's his right to voice it. Just as you have the right dislike it.

You pompously run your mouth a lot here. It's obvious you're deeply in love with your own words and expect everybody else to be the same.

Yet while you seem to expect and demand the right to say what the hell you want without interference, you seem to think it's fine to deny Trump the same.

Hypocrite much?

coyote
Member
Poster Venti
coyote

I shouldn't even bother with people like you. No, I didn't say it was okay. Here's something for you:

https://en.wikipedia.org/wiki/Reading_comprehension

I hope you never, ever become a proofreader, because you would be an utter failure at it.

Also, it always amuses me when people tell me I love myself because actually I've told others that as far as value is concerned, I'm worth less than dirt.

That being said, I definitely admit I say 'what the hell I want' but that's because I'm a nonconformist and rebel and always have been. But as for running my mouth here? Not really; that's just your interpretation (.. and/or inability to appreciate sarcasm, satire, etc.) out of your wish to find something wrong with what I say. You know what though? I'm perfectly okay with it. See what I just did?

wpDiscuz