A new local crime and policing website for England and Wales was launched late last night at police.uk. The revamped site provides instant access to street-level crime maps and data – or at least, it did until curious members of the public woke up this morning.
In what could arguably be described as a media-driven DDoS, the new site has received a lot of publicity on the internet, radio and television today. As a result, a huge number of visitors appears to have swamped the police.uk site with traffic, causing it to break. Search results are currently returning error messages, or a blank page with a 503 Service Unavailable response header.
One response worryingly suggests there are no police in London:
The new police.uk site has been developed by advertising agency Rock Kitchen Harris, who also developed the original CrimeMapper site for all 43 English and Welsh police forces in 2009. The launch was announced today on their website, where they said:
"We not only designed, built and manage the site we also arranged the hosting using a mix of servers, with the public website using scaleable cloud hosting."
Despite the use of scaleable cloud hosting (in this case, Amazon EC2), the site does not appear to be holding out too well. Amazon's EC2 hosting service does provide a facility called Auto Scaling, which deals with traffic spikes by automatically increasing capacity, but it is not clear whether RKH have enabled this feature. WikiLeaks notably used Amazon EC2 when the Iraq War Logs and Cablegate sites went live, both of which coped well with the initial large volume of traffic.
Netcraft was unable to speak to anyone in the web team at RKH, as they are, understandably, "a bit tied up at the moment", but it was confirmed that the current problem is a result of too much traffic.
Following the recent uprising in Tunisia, thousands of demonstrators took to the streets in Egypt yesterday to demand an end to President Hosni Mubarak's rule. The online collective known as Anonymous has joined in the protests by orchestrating distributed denial of service attacks against key Egyptian websites.
Operation: Egypt began its recruitment campaign 3 days ago, inviting participants to join the #OpEgypt channel on its IRC network. As with the previous attacks against PayPal, MasterCard and Visa, volunteers are being sought to install and run the Low Orbit Ion Cannon (LOIC) software, which can automatically bombard a website with a large volume of traffic.
Last night, Twitter confirmed that it had been blocked in Egypt:
Some of the earlier DDoS attacks carried out by Anonymous had used Twitter feeds to announce targets to the automated attack software. IRC appears to be the primary control point now, with the current target set to www.mcit.gov.eg – The Egyptian Ministry of Communications and Information Technology.
It is not clear how many people are involved in this attack, but our performance data for www.mcit.gov.eg shows the website is currently up and responding to HTTP requests from around the world.
This could suggest that the number of volunteers taking part in the attacks has continued to decrease over the past few months. In an interview earlier this month, Anonymous member Sven Slootweg said that he did not expect many more DDoS attacks as the impact is limited.
To muster up more attackers, the IRC channel also invites users to use a web-based version of the LOIC attack tool, which can even be used from mobile phones. Further discussions, including which targets to attack, are being carried out on the interactive multi-user PiratePad site:
Popular BitTorrent site The Pirate Bay is one of many joining in with today's "blackout" protests against a new media law approved in Hungary. The law allows Hungarian publications to be fined for violating public order, which could require journalists to reveal their sources.
The blackout campaign is being publicised through blackout4hungary.net, which encourages other sites to take part in the protest by adding black banners or stylesheets to their sites. The blackout4hungary.net site appears to have taken the blackout concept a step further and is currently offline, although this may just be a consequence of the large amount of traffic being driven to the site through hyperlinks and hotlinked stylesheets.
The Pirate Bay is currently hosted in Germany and uses the lighttpd web server. The site has nearly 5 million registered users and claims to be "the world's most resilient BitTorrent"; however, the site's availability has been somewhat choppy since Tuesday.
4chan's popular message boards are under another distributed denial of service attack. Many members of Anonymous inhabit the site's boards, although it is unknown whether the current attack is related to any of the previous DDoS attacks purportedly carried out by Anonymous.
Shortly after the attack began, an update on status.4chan.org quickly stated, "Another day, another DDoS! Right on the eve of /b/'s 300 millionth post." 4Chan was also subjected to a similar attack last week, whereupon it quipped, "We now join the ranks of MasterCard, Visa, PayPal, et al.–an exclusive club!" These payment companies had previously been targeted by Anonymous in a series of attacks last month.
Real-time performance graphs for websites that have been involved (or may become involved) in the WikiLeaks and Anonymous attacks can be monitored at http://uptime.netcraft.com/perf/reports/performance/wikileaks
Many Christmas shoppers have been denied access to the BestBuy.com website this week. None of our performance monitors has been able to visit the site in the past 24 hours, while some locations have been denied access for more than 3 days. Some Twitter users have reported problems accessing the site as early as 18th December.
BestBuy.com offered guaranteed Christmas delivery for orders placed before 11am ET time on Tuesday, although many shoppers have apparently been unable to use the website ahead of the deadline.
The BestBuy.com website is served from the Akamai content distribution network, and has been using the AkamaiGHost web server since 19th December. A Best Buy employee said "The website is acting a little weird right now, for US customers or otherwise. Technicians are working on it 24/7".
At the time of writing, the site still returns a 403 Forbidden response, saying "You don't have permission to access "http://www.bestbuy.com/" on this server." Live performance graphs for www.bestbuy.com can be viewed here.
The WikiLeaks.org website has moved again and now appears to be hosted within walking distance of the CIA's headquarters. The site was previously hosted by Silicon Valley Web Hosting, but has now switched to ServInt, whose offices are adjacent to the CIA in McLean, Virginia.
A = ServInt headquarters, B = CIA headquarters (both approximate)
Hosting the WikiLeaks.org site within such close proximity of the CIA headquarters is surprising given that earlier this year, WikiLeaks asked the CIA to stop spying on it, though it will presumably be helpful for the CIA's WikiLeaks Task Force (WTF!)
The recent hosting history for www.wikileaks.org can be viewed here.