07.01.15
Speculations About the EPO’s Possible Role in DDOS Attacks
Summary: Readers’ views on who might be behind the attacks on this site amid confirmation that it’s on the ‘targets’ list of the EPO
YESTERDAY we mentioned EPO spying on this site and the day before that we wrote about DDOS attacks against this site. We are still eager to get to the bottom of who’s behind the very latest attacks (different from previous attacks) and some people wrote to us with additional information.
“You should perhaps take your case with US authorities,” one person said, “i.e. the FBI, as the AWS server is located in the US, according to ping timings and traceroute performed [...] The EPO uses AWS on Amazon’s servers in Ireland to host their Open Patent Services, so they would have the technical knowledge to write a stupid stunt like that.
“But it would be amazingly daft to launch an attack from an account clearly connected to the EPO. I would imagine some shady operation running on stolen or prepaid credit cards, so you might not get very far anyway. The code needn’t be very sophisticated, and wouldn’t cost much to run.
“The FBI has acted in such cases in the past: http://www.securityfocus.com/news/9411
“but their own reputation isn’t quite sterling: http://arstechnica.com/security/2013/05/ddos-for-hire-service-works-with-blessing-of-fbi-operator-says/
Others have pointed out that, despite the patterns of attacks showing no signs of it, scrapers of the EPO or the external spies it hired could play a role. “Concerning the monitoring of IRC logs,” said one person, I “have reason to suspect that ‘bots’ have been employed for monitoring the IRC channels which might go some way to explaining those DDOS attacks that you reported some time ago.”
The problem is, it wasn’t IRC pages that were being hammered. I “don’t have any detailed technical information about this,” the person continues, “or who exactly was involved (i.e. whether it was EPO internal or some outside ‘agents’). [...] just passing on what I have heard so that you are aware that you are somehow ‘under observation’ (or at least your IRC logs are)” (we have strong evidence of that, but it is definitely not the cause of the server stress).
We are going to continue pressuring Amazon for the identity of the attacker (Amazon is still stonewalling) and maybe report abuse to the EPO’s network administrators some time quite soon. █