In the Visigothian swathe of destruction the FBI wrought throughout the Darkweb with last week’s takedowns of 400 URLs (27 actual websites), one casualty may have been overlooked.
Because it was not on the Darkweb at all.
Cyberguerrilla.org is a news site/blog host/gathering spot for the digital revolutionary with an Anonymous outlook. When you open the page, it plays Hoist the Colours, the song which calls the Brethren Court of pirate kings to assemble and fight the Empire.
We honour the place within you where the entire Universe resides. We honour the place within you of love, of light, of truth, of peace.
We honour the place within you, where, when you are in that place in you.
We, Anonymous are in that place in us, there is only one of us, divided by zero.
It’s equal parts badass cyberpunk and post-apocalyptic hippie, and its influence on Anonymous is inestimable. Our own AnonyOdinn’s blog is hosted on Cyberguerrilla, which is how we came to know of the attack.
Yes, I always was a pro at burying the lede.
And that’s how we learned that for several hours during Op Onymous, Cyberguerrilla was under a DDoS attack so strong that it was knocked offline. Now, Cyberguerrilla is not a Darkweb site. It’s reachable via any regular browser, and it’s not a drug, weaponry, or kiddie porn marketplace. But it IS a central node in contemporary digital revolutionary thinking, and knocking it offline would have a strong disruptive effect. We spoke to Doemela, one of the administrators of the site, about the outage, and discovered that this was only one of many attacks over the years.
The Cryptosphere: How would you describe Cyberguerrilla to someone who had never seen it?
Doemela: The CyberGuerrilla AnoNneXus Collective is an autonomous body based in Europe with collective members world wide. Our purpose is to aid in the creation of a free society, a world with freedom from want and freedom of expression, a world without oppression or hierarchy, where power is shared equally. We do this by providing communication and computer resources to allies engaged in struggles against capitalism and other forms of oppression.
We believe it is vital that essential communication infrastructure be controlled by movement organizations and not corporations or the government. We strive to keep our communications as secure and private as we can.
The CyberGuerrilla Concept is based on an optimistic view of the prevailing autonomy, mutual aid, resource sharing, participatory knowledge, social advocacy, anti-oppression work, community creation, and secure communication.
Given that, who would want to take Cyberguerrilla down?
That depends what operations we run. When we did OpIsrael we had a lot of traffic coming from that side [Israel]. Some time[s] it’s a blog post, but can’t think of any particular enemy this time. This server is probed from the East and West so [it] can be anybody.
Did you get a threat in advance?
No, we never get [those]. Sometimes we provoke butthurt but this time we can’t think of who has [been] butthurt for our actions. Only thing is we teach people to DoS/DDoS on our blog :P so it can be that!
Tell us about the actual attack. When was Cyberguerrilla actually offline? How long? Were there any unusual features of the attack?
The server was locked by our host (Hetzner) for an attack of Sum 100.133.000 packets/300s (333.776 packets/s), 100.119 flows/300s (333 flows/s), 3,814 GByte/300s (104 MBit/s) “The attack has placed a considerable strain on network resources and, as a result, a segment of our network has been adversely affected. Your server has therefore been deactivated as a precautionary measure.”
And because of Sunday they did a nap, those Krauts went to church or something. They did not react on my request for more than 24Hr. [I] called them and they said “couple minutes to an hour and we’ll fix it,” but that never happened.
Was it a DDoS? Have you identified the incoming IPs? Any pattern?
They are either vpns or spoofed IPs.
If it was a botnet attack, is it a botnet you’ve seen before, i.e. same IPs, etc.?
No, VPN mostly. [so their ultimate source is unidentifiable unless the VPN provider will give up the original IPs, which of course they will not do without a court order or similar]
How often do you get DDoS attacks? What have you tried to do to mitigate them?
Once per three months, we run several programs that can take a lot of traffic, and when the shit hits the fan we have several programs that kick in to null-route those IPs [i.e. send them off into cyberspace where they attack the void, harmlessly] but the policy of our host is to step in. It’s [been a] long time [since] we went down because of attack. [Our] host reacts before that.
Do you think it might be related to the Darknet takedowns the FBI did over the weekend?
Thought of that too and checked files but none were changed or touched and hidden services we run are Tor-mirror, webchat and some websites but those are also public on the clearnet. So nothing really hidden; mostly run for anonymity reasons.
What was the last story posted before the site went offline? What was the biggest story that day?
Figures :P #ro0ted #OpNewblood DoS from a fake IP: hping3 https://www.cyberguerrilla.org/blog/?p=21041 but nothing really hot.
So, there you have it; while the digital news cycle was being dominated by FBI raids on the Darknet, someone simultaneously knocked one of the largest digital revolutionary/Anonymous sites offline for more than a day. And while I’m a pro at burying a lede, THAT is a very clever way to bury an entire newsworthy event, regardless of who pulled it off.