Tag Archives: GFW

Matt Mullenweg discusses WordPress.com DDOS attack – Things get curiouser and curiouser

Matt Mullenweg appeared on This Week in Tech to discuss the DDOS attack. Since I pointed out some interesting timing in the attack and wordpress.com’s spasm of availability inside the GFW, I’m spending my lunch break transcribing the conversation. The TWiT panel gets raucous so I’ve tried to exclude the banter and just catch Mullenweg’s comments on the DDOS attack. I’ve put cues in brackets to add context but keep the questions out of the stream, and keep Mr. Mullenweg’s words as exact as I can.

If you’d like to listen for yourself, Matt joins the conversation around 42 minutes in.

“I guess it started on Thursday, we had an extremely large .. DDOS attack that ended up taking wordpress.com down. […] [The WordPress DDOS] attack peaked at 6 or 7 gigabits. It actually wasn’t the largest one we’ve seen in terms of bandwidth, but it was pretty intense in a Packets per Second point of view, which ended up overloading the routers upstream from us.”

The panel postulates about silliness. Matt responds to the TechCrunch story directly:

“It is a fact that the majority of traffic was coming from China, however now that we’ve dug a bit more into the blog, it appears that the attack might have been business motivated. The website was some sort of gaming website that appears to have no political aspect at all. I mean, I don’t speak Chinese. We were probably just collateral damage in this case.”

Q: What does this blog cover?

“I don’t know. I’m just working off google translate. It appears to be some sort of online gaming Chinese thing.”

“The first set of attacks we didn’t know [it was directed at this site], it was just basically a TCP attack at Port 80. […] One of the later ones [attacks] was a resource overload which included HTTP headers, which made it very easy to see what they were targeting.”

“I originally thought it was politically motivated because we’ve had a number of [trails off]… I mean we get DDOSes all the time […] sometimes a few times a week, most are so small we don’t even notice, just because. There was another larger DDOS attack against some Vietnamese political sites, so I thought it might be related to that somehow.”

Matt confirms TechCrunch’s data on the source of attacks (98% was from China). Panel discusses the botnet system around the world buried in bootleg software.

“That said it was definitely a professional attack. The size of the attack would have been very very expensive to mount. So based on that, it was not trivial, but we don’t have any further details about why, or who.”

“We’ve tried to [contact the owner of the site] but we haven’t heard back.”

Panel degenerates into mockery of Russian accents, then they discuss Mullenweg’s lack of cooking prowess.

Yesterday, I pointed out the correlation between this DDOS and WordPress.com becoming momentarily available inside the GFW. I’m convinced that these two events coincided, but there was surely not enough data yesterday to really postulate who caused it. If this had been politically motivated, it would not have been the first China-based attack on a major web service.

However, I think there’s a bit more intrigue to this now that it appears the attack targeted a gaming site. Consider three of the myriad possibilities:

  1. A privately financed DDOS attack arranged coordinated, temporary access to their target by getting the site unblocked.
  2. A private DDOS attack crashed a portion of the GFW for a short while.
  3. We have no idea what’s really going on here, but neither does WordPress.

WordPress DDOS attack: there’s some funky timing here

WordPress.com, the hosted WordPress service, experienced 2 DDOS attacks over the weekend.

This coincided with reports across Twitter, Weibo and Shanghaiist that WordPress.com and Typepad were available to Chinese web-users after a long period of being blocked by the Great Firewall.

Not long after these notes of surprise flooded social media streams, the sites were blocked again. I can’t reasonably determine when this happened, but the window was perhaps a few hours.

WordPress levels blame directly on threats from within China for the DDOS attacks, though they are not releasing specifics of the target website. Based solely on the SM evidence (Twitter and Weibo do pretty poorly with timestamps) and the Automattic graphic above, it appears that the DDOS attack coincided with the temporary availability of wordpress.com in China.

The attack is described as ‘coordinated and distributed’, and clearly brought one of the largest web-hosts in the world to ground, if only for a short while. This evidence is thin and merely correlative, but one’s mind can spin. If all of the coincidences aren’t, it’s easy to imagine a deputized 50 Cent Party, sent after detractors of the party. Technologically, if the GFW needed to drop the cloak entirely to facilitate a DDOS attack, it suggests a lack of sophistication and coordination. It could also suggest an unreasonable level of gravitas.

So… chew on that for a minute.