[liberationtech] Avaaz, is this for real?

Fri May 4 10:34:04 PDT 2012

I just got this statement from Avaaz communications director Sam Barratt. It's still highly inadequate:

Hi Andrew

Sorry for the delay in getting back to you - the attack was for real I can assure you.  Below is a short statement 
we have issued, we are still looking into this and I will let you know 
when we can share more on what went on.

Cheers
Sam

Avaaz statement on the attack on the site
An
 attack on Avaaz’s website from a globally-distributed botnet of 
thousands of computers ended yesterday (Thursday 3rd May). Avaaz does 
not have any further information about who is behind it but the FBI have
 been notified about this incident.  

The DDOS attack lasted for 44 
hours and finally ended on Thursday 3rd May which experts say "was a 
large and substantive attack." 

The site was down for 14 minutes on Wednesday 2nd May and our ability to 
send out global campaigns to our membership was affected during the 
attack.  In response, Avaaz has launched a fundraising campaign in order to create a defence fund to take its security to the next level.

Andrew Couts
Staff Writer
Digital Trends
acouts at digitaltrends.com

Twitter: @andrewcouts
www.digitaltrends.com

________________________________
 From: Steve Weis <steveweis at gmail.com>
To: Andrew Couts <andrew_couts at yahoo.com> 
Cc: "liberationtech at lists.stanford.edu" <liberationtech at lists.stanford.edu> 
Sent: Friday, May 4, 2012 1:00 PM
Subject: Re: [liberationtech] Avaaz, is this for real?

Hello Andrew. Your article asserts that this attack is happening as fact, yet you say that Avaaz did not provide any additional information. Which sources and evidence did you base your article on besides Avaaz's own press release?

Claims of a "massive attack" are easy to confirm. Avaaz should be able to provide detailed logs of the attack, which can be verified by an independent security professional and corroborated by their hosting providers.

If this does turn out to be a targeted denial of service attack, that certainly doesn't take real expertise or significant resources -- it's cheap to rent a botnet. It's a big leap to claim that a state actor or large corporation must be behind it.

On Fri, May 4, 2012 at 9:18 AM, Andrew Couts <andrew_couts at yahoo.com> wrote:

Hi - I'm the author of that Digital Trends article. I have repeatedly asked Avaaz for more information about the attack, and they have either said "We'll know more soon," or completely ignored me. I believe there is simply not enough information available yet to make accusations of fraud in the press. But I am doing my best to get answers about exactly this. I'll send out an update if they respond.
>
>
_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120504/2136c248/attachment.html>