Posted at 11:20 AM ET, 12/28/2010
4chan knocked offline by denial-of-service attack
By Rob Pegoraro
A site that's been used to launch some of the Internet's more creatively malicious attacks has become the victim of one. 4chan, the free-form set of anonymous message boards behind such pranks as getting a racial slur atop Google's list of search topics and "denial-of-service" attacks against high-profile commercial sites, has been out of action since sometime this morning.
The site's founder, Christopher Poole (aka "moot"), posted the news on its status blog at 2:39 a.m.:
Site is down due to DDoS. We now join the ranks of MasterCard, Visa, PayPal, et al.--an exclusive club!
"DDoS" is short for "distributed denial of service," in which users employ hundreds or thousands of computers to hit a site with enough spurious requests that it crumples under the load. 4chan's users have been behind more than a few DDoS attacks themselves, such as when they knocked the sites of the Motion Picture Association of America and the Recording Industry Association of America offline in September.
(I suspect that if you put your ear to the front door of either group's D.C. office, you may hear mocking laughter.)
They also had a role in successful DDoS attacks against Visa and MasterCard's sites earlier this month, a retaliation against those firms' refusals to process donations to Wikileaks. 4chan users also targeted PayPal's blog.
The irony of 4chan becoming a victim of a DDoS attack--by whom remains a mystery--has not gone unnoticed. The site's Twitter update joked "we figured @MasterCard, @PayPal, and #Visa were lonely." The tech-news site Slashdot's post on the situation bears the tag "haha."
Earlier this morning, 4chan's boards were offline while the text of its home page still loaded. (For those of you tempted to check out the site on an office computer, that would not have been a good thing; much of its, ahem, visual content is of the not-safe-for-work variety.) Now, however, the entire site appears offline.
DDoS attacks look to become an increasingly common sport on the Internet, Harvard University's Berkman Center for Internet and Society concluded in a study released Dec. 20. Researchers Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York and John Palfrey noted the MPAA outage and other DDoS campaigns and observed in their study (PDF) that "we expect these attacks to become more common."
The primary remedy they suggested could carry costs of its own:
All organizations should carefully consider whether to host their sites on a free, highly DDoS- resistant hosting service like Blogger, even at the cost of prestige, functionality and possible intermediary censorship.
Here's where an otherwise potentially-silly post has to get a little serious. If any site can get "DDoSed," and the safest defense is to rely on large, commercial hosting services with the resources to withstand those attacks, doesn't that make it easier for governments or incumbent corporations to stage a different sort of denial-of-service campaign--along the lines of how Web and financial firms have been pressured to drop Wikileaks--against those same well-established services?
I don't know that there is any sort of solution for this, and I'm not expecting one to emerge in the comments. But while you speculate about who might have given 4chan a dose of its own medicine--perhaps MasterCard, because timely revenge is priceless?--take a moment to think about where these trends might lead us.
"Training? Nah, we're just goin' out there havin' fun every damn day."
- Tom Wallisch