

Change.org victim of DDoS attack from China - alphadoggs
http://www.networkworld.com/news/2011/042011-changeorg-victim-of-ddos-attack.html

======
trotsky
While change.org states their opinion that "It's pretty clear the attack is in
response to the [Ai Weiwei] campaign" and strongly implies that it's the
Chinese government responsible, it seems a bit of a leap to me.

First, DDoS is not something that the Third Department seems to do much of.
They'd be much more likely to spearphish people at change.org and then host
some malicious code on the website. The "Jasmine Revolution" calls for protest
was something that the entire party was very pissed about, but those calls
emerged from a relatively small blogging service based in North Carolina that
would have been easy to take down - yet nothing happened.

Second, DDoS source country != DDoS controller. This should be obvious to
everyone. Obviously when anon DDoS'd PayPal et al. most of that traffic was
coming from the US, but no one thinks the US was behind it. China has some of
the highest rates of infected computers on the net, obviously many of those
will be in bot nets that can be rented for any purpose. When you hire zombies
it's quite possible to specify what countries you want them to be in.

Clearly it's become quite common to blame China for hacking very quickly. A
lot of the time that's only based on something like the IP address of the CnC
host being based in Beijing. The difference here is that's usually a safe bet
because of the PLA's massive ongoing program of malware-based espionage.

Here they really don't have the same history. I'm sure a program like
change.org has a lot of people who don't like them, and who better in this
environment to try to blame your bad actions on than China? Hell, the story is
a big potential boost for change.org publicity too. At the current time the
web site seems to be dealing pretty well. Surprising considering a spot like
that should be able to fall to just a handful of computers doing slow posts.

~~~
ximeng
I agree that it's a leap to establish a connection with the Chinese government
based on the information in this post. However the Chinese government or
internet providers are presumably in a position to track down and remove the
control servers. If they don't do this they are likely to continue to be
blamed for this attack and similar attacks in the future. This is true even if
they are not directly responsible or do not approve of the actions.

------
andrewcooke
If it wasn't for the DDoS attempt I wouldn't have heard of that, or signed
it...

