News & Politics

Gawker May Have Tough Time ID’ing ‘DDoS’ Attacker, Says Guy Who Caught His Own Hacker Assailant

by

Gawker tells the New York Times that it’s been unable to figure out who was behind the online attack that took down its various websites on Sunday and Monday.

For long stretches on those two days, all of Gawker Media’s sites were either totally down or just crawling as its servers were overwhelmed by a “DDoS” attack.

That’s “Distributed Denial of Service,” which is geek for “some dude swamping your server with bullshit to keep it from working properly.” In order to make sure a website’s servers have too much to handle at one time, DDoS attackers enlist robot armies of thousands of computers, whose actual owners are clueless that they’re part of a criminal enterprise.

We’d heard about these kinds of attacks in the past, and we’d even been reading recently about how the FBI in June took down a DDoS attacker who had also targeted New York publications.

Through much of 2007 and into 2008, a man named Bruce Raisley unleashed repeated DDoS attacks, crippling Radar magazine’s website at one point and also slowing down RollingStone.com, as well as several other websites.

One of those sites was RickRoss.com, the bailiwick of a well-known cult deprogrammer that we’ve been writing about for many years. It was Ross who helped the FBI figure out that Raisley was behind the attacks on Radar and Rolling Stone and ultimately led to his arrest.

So we called up Ross and asked, hey Rick, if you were able to track down your DDoSer, why can’t Gawker figure out who’s slamming them?

The tough part for Gawker, he told us, will be identifying an attacker who hit them for such a short period.

“Most DDoS attackers are like drive-by shooters. They attack, and then they disappear,” he says.

“But the attack on my site was very unusual,” he adds. Raisely went
after him night and day for months. That gave Rick’s computer expert,
Zenon Panoussis, time to locate its source
— Eastern European zombie computer armies in places like Slovenia that were controlled from the U.S. (A Slovenian security team helped the FBI figure out that Raisley, in Arkansas and
then Pennsylvania, was the real source.)

But that’s the exception, Ross points out. DDoS attacks are so hard to
track down, some times websites aren’t even aware that one is happening.

Rolling Stone didn’t even know they were being attacked until I told them,” Ross says.

The reason for Raisley’s attacks is hilarious and sad and has been spelled out elsewhere (go here for a good writeup at Wired magazine), but we’ll summarize it here as succinctly as we can:

Raisley briefly volunteered to help with the scummy “Perverted Justice”
vigilantes–you know, the middle-aged creeps who get off by posing as
13 year old girls and boys in order to lure chat-room pervs into
revealing information about themselves, and then post that information
to expose them. NBC turned the idea into a goldmine by adding the cute
trick of luring the pervs to a rented house to be caught on film.

Anyway, Raisley came to his senses and quit the group, and then began
criticizing Perverted Justice online. PJ’s founder, a little twerp who
calls himself Xavier Von Erck (actually Phillip John Eide), decided to
teach Raisley a lesson. So he posed as a woman named “Holly,” and
seduced Raisley online.

For months, Raisley carried on a romance with “Holly” — including
cybersex (ew) — until Raisley decided to dump his wife and bring Holly
to Arkansas.

When Raisley went to the airport to meet her with flowers, Von Erck
made sure one of his followers was there to snap the pathetic photo —
which PJ promptly posted.

The thing is, Rolling Stone and Radar both used the
Raisley incident to illustrate what a little shit Von Erck is. But it
was Raisley who felt humiliated and didn’t want the story appearing
online.

Hence, the massive DDoS attacks on the two magazines and other sites,
like RickRoss.com, which were also posting their own versions of the
stories. In the end, Raisley only ended up creating even MORE interest
in his story. Dumbass. Now he’s facing up to 10 years in prison.

As for Gawker’s attacker, Ross says it could be tough for the blog
company to figure out the source of its hacker. Any guesses, we asked
the cult expert? Like, say, Scientology?

“Scientology has never done a DDoS attack on me, and I don’t know that
they’ve ever done it to [perennial Scientology irritant] Operation
Clambake
,” Ross answered. “They don’t seem a likely candidate to me.”

Most Popular