In the past, I have been a vocal critic of the Church of Scientology. Like many of you, I saw the video of Tom Cruise, wide-eyed and cackling, talking about how only Scientologists know what to do when they pass a car wreck. It made me pray to God that, should I actually be involved in a real car wreck, to please prevent any Scientologist whackos from slapping an e-meter on me. God should instead dispatch a firetruck with the jaws of life.
Last week, the Church of Scientology began to legally threaten those that posted the Tom Cruise and other initiation videos. The leagues of “Anonymous” who inhabit the /b/ channel of 4chan.org issued a battle cry and decided to DDoS Scientology websites as a response. You can see their declaration video against CoS here.
So how successful was their campaign of cyber-terror against the CoS? It was disruptive, causing lengthy periods of unavailability for many of the Scientology sites. The CoS responded to the attacks by “repositioning their Internet posture” by hiring a content-distribution company that will load-balance their servers, preventing the effects of the DDoS.
The attack statistics, according to Jose Nazario at Arbor Networks here:
- Number of attacks measured: 488 in the past week
- Attacks by date: 488 on January 19, 2008
- Maximum PPS rates seen: nearly 20000 pps (packets per second), with an average attack size of 15,000 pps
- Maximum bandwidth seen per attack: 220 Mbps, with an average attack size of 168 Mbps. This is on the high side of an attack, but significantly smaller than the largest ones we commonly see nowadays
- Maximum duration of a single attack: 1.8 hours, which is on the long end of common, but the average attack lasted just under half an hour
- Number of reporting ISPs: 1, indicating that this is not a huge, broadly sourced attack (ie it may not have registered on other ISPs systems)
I have read many of the forums and threads that discussed the attack as it was ongoing from members of “Anonymous.” Most of the attacks seemed to be scripted by individual users. Some were merely sending ping floods with multiple command prompts. It is unlikely anyone was using a botnet.
This means that “citizen volunteers” can still knock over internet sites as part of hactivism or to make a point. And in this case, I think Anonymous made their point. They certainly scored well in the press coverage.