The massive botnet-based attack originates from Russia

Nov 18, 2008 10:39 GMT

Bob Harrison has been running, for many years now, the bobbear.co.uk website, aimed at informing users about online fraud and identity theft schemes. A few days back, Harrison was unpleasantly surprised to find his website inoperable, due to a massive denial of service attack.

Upon further investigation, he discovered that the attack consisted of nearly half a million HTTP GET requests from a massive botnet. The requests were meant to keep each HTTP session open for as long as possible, thus reaching the limits of the website's basic hosting and taking it offline.

Harrison tracked the origins of the attack back to Russian servers, and noted that the botnet consisted mainly of infected computers in Eastern Europe and Asia. “The attack […] is apparently originating from the host cxim.inattack.ru registered with the registrar R01-REG-RIPN and is hosted by Starhub Internet,” wrote the independent anti-fraud fighter on the CastleCops forum.

The attack somewhat coincides with the launch of the Get Safe Online campaign in the UK, but there is no solid proof to link the two events. Even so, “an attack like this is unfortunate news for the Internet community, as it disrupts the dissemination of hundreds of pages of warnings about email frauds archived by Bob over the years,” noted Graham Cluley, senior technology consultant for security vendor Sophos.

This is not the first time Bob and his website have been targeted by cybercriminals because of his volunteer anti-fraud work. A year ago, he was the subject of a campaign launched by spammers, which claimed that he was requesting money donations to be sent to an e-Gold account. The crooks targeted his reputation, and they unfortunately succeeded in tricking his hosting provider into temporarily suspending his account.

“Undoubtedly, it is simply a response to the work I do in highlighting the mainly Russian money laundering and reshipping frauds that are currently plaguing the Internet and wrecking the lives of innumerable victims,” commented Bob Harrison for The Register with regard to this latest incident. “The only consolation that Bobbear can take is that they must be having an impact on the fraudsters, if they are prepared to launch an attack like this,” concluded Graham Cluley.

At the time this article was written, the bobbear.co.uk website had been down for almost a week, as the attack was still ongoing and its force remained unchanged. This incident illustrates the lengths cybercriminals will go to in order to protect their illegal operations, the potential destructive force of botnets, and the risk they pose to everyone, not just to corporations or institutions.