Controversial world chess tournament website struck by denial-of-service attack

Might angry chess fans be behind the attack?


There is plenty of anger in the chess world right now.

The World Chess Candidates Tournament - the competition which will decide who will go forward to challenge Magnus Carlsen in the world title match in November - is taking place in Moscow.

If you’re a chess fan like me, you might be interested in following the games over the internet.

Well, good luck with that.

Because, Agon - the organisers of the Candidates Tournament - astonished the chess community when it announced that not only the video footage but also the actual chess moves played in the games will be available exclusively on its website (and Norwegian TV channel NRK):

All video footage as well as the moves from each game will be shown exclusively at and by approved broadcast partners in certain countries.

This is a substantial change from the way chess has been broadcasted. Previously it was common practice that all websites were able to receive moves without broadcast limitations, resulting in a diffusion of major tournaments’ audiences and sponsorship values.

The move is designed to enhance and safeguard the viewing experience for chess fans and to protect the commercial future of World Championship events.

Chess websites like are up in arms over the decision, and have been reporting on the reaction from disgruntled chess fans worldwide.

So, your only chance of legally following the games it seems, is to visit the website.

But there’s a problem. According to the World Chess Candidates Twitter account, the site is suffering from a denial-of-service attack.

Chess tweet

Chess players didn’t seem terribly sympathetic in their response to the news of the website’s woe.

No sympathy

Sure enough, when I tried to watch a live match, I was greeted by a disappointing error message rather than a Berlin Defence.

Oh dear

Oh dear. That’s not going to impress the event’s sponsors very much.

PS. If you want to challenge me to a game of chess, I’m gcluley on Be gentle with me.

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

7 Responses

  1. RichardL

    March 11, 2016 at 4:38 pm #

    It is unfortunate that corporate greed is spoiling this great event. The online interface lacks some key features that chess fans will miss e.g. move list, engine analysis (not that silly little graph).

  2. drsolly

    March 11, 2016 at 9:34 pm #

    How do they know it’s a DOS attack and not just a case of too many chess nuts crowding into the same foyer?

    • Bob in reply to drsolly.

      March 11, 2016 at 11:49 pm #

      You can normally detect DDOS by the IP ranges involved, heuristic analysis, access patterns, country of origin, client accessing site plus many other identifiers. On there own each element wouldn’t be suspicious but put together it is generally obvious that you’re being attacked.

      You’d also think that they’d have allocated more than enough bandwidth for genuine chess fans but they’ve been swamped by a DDOS.

      • coyote in reply to Bob.

        March 12, 2016 at 2:10 am #

        Something tells me the Doctor wasn’t entirely serious.

        But even if he was, without the actual evidence it’s hard to say it is a DoS or a DDoS attack or anything else.

        Another possibility: they made a terrible mistake and they shifted the blame. I grant you that the max. number of clients reached does make an attack a plausible explanation but let’s be honest… the old octopus exploit could manage this (that is, too many connections reached) by itself. It doesn’t require much bandwidth to pull that off, does it? Then you have e.g. sloworis as another low bandwidth attack. There are others which might or might not be applicable (and no, I’m not suggesting any of these are actually being used).

  3. coyote

    March 12, 2016 at 2:13 am #

    PS. If you want to challenge me to a game of chess, I’m gcluley on Be gentle with me.’

    Do you not consider yourself good, then ? I would say I used to be decent (though certainly not even close to competition level) but I’ve not really played in such a long time.. otherwise I’d consider it. I just don’t have anyone to play with and it’s such a low priority that I don’t try to improve.

  4. Stanza

    March 12, 2016 at 1:32 pm #

    They are hosting on Amazon, which should be relatively DDoS proof if configured correctly.

  5. Ivanov

    March 18, 2016 at 3:33 pm #

    When you have the morons at FIDE making the deals, It is doomed to failure. FIDE has never done anything right ever, Now they just added insult to injury is ruining the game even future. Lack of advertisement is a key issue in preserving the game yet FIDE does none. Broadcasting the games so kids around the world can watch and learn was not done either. These idiots at FIDE have set the game back to what it was before my good friend who passed away Bobby FIscher put the game on display for the world to see.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.