And then our website went down

And then our website went down

Who was behind the attack? We have no idea

19-01-2022

Do you remember when UM was the victim of a cyber-attack? All systems went down, including the university website. But Observant stayed online, as our website is externally hosted and was not being targeted by the cyber-criminals.

We weren’t quite so lucky last week. Not two days after the end of Christmas break, our website started acting up. It went from running so slowly that we couldn’t post our articles to working fine again. We were told it was probably just a minor issue. Good! I wasn’t worried until Wednesday morning, when editor CF got a call from our hosting provider during our editorial team meeting on Zoom. It was not a minor issue after all: www.observantonline.nl was under DDoS (Distributed Denial of Service) attack. Say what? An explanation immediately followed: this means that the server is receiving so many requests to a web page that it becomes very slow and, eventually, crashes.

How to stop the attack?

We only had two questions: how do we stop the attack? And who is behind it? To start with the first question: we decided to take the website down for a while in the hope that the attackers would give up. People in the know told us that this was a realistic scenario. But on Thursday morning, when we went back online after ten hours, nothing had changed. It only took a few minutes for things to go wrong again. We had to take stronger action. We needed a powerful filter; the website had to be placed behind a firewall that would protect it from the attacks. But this wasn’t as simple as clicking a button.

No bunch of amateurs

Our hosting provider and ICTS staff combined their efforts and eventually succeeded. We went back online on Friday afternoon. The attacks continued for a while, with the website receiving up to one million requests per fifteen minutes, but it didn’t go down again. When the dust had settled, our hosting provider told us that this wasn’t the work of a bunch of amateurs on the dark web who had been paid ten euros to attack a website for an hour. It was too severe for that. No, it was much more likely to be the work of professionals. But why would they target a university newspaper?

Business model

Who would do something like this? It’s nearly impossible to find out for sure. Sometimes the attackers are hackers who want money, but that wasn’t the case here. Sometimes they are people who have a problem with your organisation and are out to inflict as much damage as possible. But it’s not like we’re involved in a lot of conflicts… Finally, sometimes you just have the bad luck to be part of a group of random websites that fall victim to people who have turned cybercrime into a business model.

Let’s hope it was the latter.

Author: Riki Janssen

Photo: Observant

Tags: ddos attack, website, cyber attack, dark web,editorial

Add Response

Click here for our privacy statement.

Since January 2022, Observant only publishes comments of people whose name is known to the editors.