Commentary

Matt Mullenweg Appeared on This Week in Tech to discuss the DDOS attack. Since I pointed out some interesting timing in the attack and wordpress.com’s spasm of availability inside the GFW, I’m spending my lunch break transcribing the conversation. The TWiT panel gets raucous so I’ve tried to exclude the banter and just catch Mullenweg’s comments on the DDOS attack. I’ve put cues in brackets to add context but keep the questions out of the stream, and keep Mr. Mullenweg’s words as exact as I can.

If you’d like to listen for yourself, Matt joins the conversation around 42minutes in.
—————-

“I guess it started on Thursday, we had a an extremely large .. DDOS attack that ended up taking wordpress.com down. [...] [The WordPress DDOS] attack peaked at 6 or 7 gigabits. It actually wasn’t the largest one we’ve seen in terms of bandwidth, but it was pretty intense in a a Packets per Second point of view, which ended up overloading the routers upstream from us.”

The Panel postulates about silliness. Matt responds to the Tech Crunch story directly:

“It is a fact that the majority of traffic was coming from China, however now that we’ve dug a bit more into the blog, it appears that the attack might have been business motivated. The website was some sort of gaming website that appears to have no political aspect at all. I mean, I don’t speak Chinese. We were probably just collateral damage in this case. “

Q: What does this blog cover?

“I don’t know. I’m just working off google translate. It appears to be some sort of online gaming Chinese thing.”

The first set of attacks we didn’t know [it was directed at this site], it was just basically a TCP attack at Port 80. [...] One of the later ones [attacks] was a resource overload which included HTTP headers, which made it very easy to see what they were targeting.

“I originally thought it was politically motivated because we’ve had a number of [trails off]… I mean we get DDOSes all the time [...] sometimes a few times a week, most are so small we don’t even notice, just because. There was another larger DDOS attack against some Vietnamese political sites, so I thought it might be related to that somehow.”

Matt confirms TechCrunch’s data on the source of attacks (98% was from China). Panel discusses the botnet system around the world buried in bootleg software.

“That said it was definitely a professional attack. The size of the attack would have been very very expensive to mount. So based on that, it was not trivial, but we don’t have any further details about why, or who.”
“We’ve tried to [contact the owner of the site] but we haven’t heard back.”

Panel degenerates into mockery of Russian accents, then they discuss Mullenweg’s lack of cooking prowess.
—————-
Yesterday, I pointed out the correlation between this DDOS and WordPress.com becoming momentarily available inside the GFW. I’m convinced that these two events coincided, but there was surely not enough data yesterday to really postulate who caused it. If this had been politically motivated, it would not have been the first China based attack on a major web service.

However, I think there’s a bit more intrigue to this now that it appears the attack targeted a gaming site. Consider three of the myriad possibilities:

1. A privately financed DDOS attack arranged coordinated, temporary access to their target by getting the site unblocked
2. A private DDOS attack crashed a portion of the GFW for a short while.
3. We have no idea what’s really going on here, but neither does WordPress.