[liberationtech] Avaaz Faces Questions Over DDoS Begging Bowl | TechWeekEurope UK

Fri May 4 14:02:09 PDT 2012

http://www.techweekeurope.co.uk/news/avaaz-faces-questions-over-ddos-begging-bowl-76626

 Avaaz Faces Questions Over DDoS Begging Bowl

Avaaz says it was hit by a two-day DDoS lasting almost two days, but
questions have been raised about why it needs more money
On May 4, 2012 <http://www.techweekeurope.co.uk/date/2012/05/04> by Tom
Brewster <http://www.techweekeurope.co.uk/author/tbrewster>

Human rights campaigning group Avaaz has told TechWeekEurope the “massive”
cyber attack on its
website<http://www.techweekeurope.co.uk/news/human-rights-body-avaaz-under-massive-cyber-attack-76217>amounted
to a 44-hour distributed denial of service
(DDoS)<http://www.techweekeurope.co.uk/news/soca-website-forced-offline-by-ddos-attack-76287>
strike,
initiated by a “globally-distributed botnet of thousands of machines.”

But the company is facing some questions over why it has launched a
campaign for more funding in the wake of the attack.

Avaaz said it has informed the FBI about the “large and substantive” DDoS
attack, which it said ended on 3 May. According to the body, it has been
working with experts to determine the extent of the hit.
Government or corporation blamed

On Wednesday, the company put out a notice alongside a plea for donations
to help protect its infrastructure, claiming its experts had indicated a
government or a big corporation was most likely behind the strike. Yet the
company said it had no more information about who was responsible.

<http://www.techweekeurope.co.uk/comment/the-g-cloud-demands-new-business-models-56922/attachment/money-pounds>It
appears that despite the attack, Avaaz’s website has held up well. “The
site was down for 10 minutes on Wednesday 2nd May, and another 4 minutes
early Wednesday morning and our ability to send out global campaigns to our
membership was effected *[sic] *during the attack,” a spokesperson told
TechWeekEurope.

Avaaz has been campaigning over a number of high-profile issues since its
inception in 2006, launching a petition calling on companies such as
Facebook <http://www.eweekeurope.co.uk/tag/facebook> and Microsoft to ditch
support for the US Cyber Intelligence Sharing and Protection Act (CISPA),
while it has also been pushing to “stop Rupert Murdoch”.
 Questions asked…

Questions have been raised about Avaaz’s motives in asking for additional
funds to take its security “to the next level”.

“I love Avaaz. But saying ‘we’re suffering a massive cyber-attack’ then
asking for my card details, not so much,” read a tweet from Peter Bradwell,
of the Open Rights Group.

Comments from readers on TechWeekEurope’s story from Thursday alleged Avaaz
was primarily after money, yet the company did not respond to requests for
a response. One blog suggested the fact that the organisation was asking
for a defence fund raised “all kinds of alarm bells.”

W. Andrew Jones’ Tumblr
blog<http://wajones90.tumblr.com/post/22326898619/cyber-attacks-advocacy-groups-and-legitimacy>
asked:
“What is the severity of the attack, and who is the expert who can
corroborate that it is happening? Is there any third-party assessment,
beyond Avaaz’s own internal claims?”

“This sets an extremely uncomfortable precedent for other non-profit
organisations. To pay for website upgrades or network security, should they
also claim to be ‘under attack’ by mysterious corporate cyber attackers? If
they actually are ‘under attack’, should soliciting donations via their
(still-under-attack) website really be the first action they take?”

This publication drew the blog to Avaaz’ attention, in the hope of a
response, asking who its experts were, but we have had no response.

Avaaz certainly spends a lot of money on IT, which may leave some wondering
why it needs more for security. The organisation has spent substantial sums
on independent contractors, according to its
2009<http://avaazimages.s3.amazonaws.com/Avaaz%20990_12-31-09_PUBLIC.pdf>
 and 2010<http://avaazimages.s3.amazonaws.com/2010-12-31_Avaaz%20Foundation%20Form%20990%20for%20Public%20Viewing.pdf>
US
Internal Revenue Service accounting reports.

In 2009, the organisation paid Paul and Milena Berry, from New York where
Avaaz is based, $245,182 for IT consulting work. In 2010, the pair received
$294,000, as Avaaz’s revenues grew.

Milena Berry’s LinkedIn profile says she has been Avaaz’s CTO since March
2007. She covers various topics, including security and servers
infrastructure as well as software development.

Paul Berry’s LinkedIn profile indicates he was CTO of Avaaz from 2006 to
March 2007, when Milena Berry started.Despite leaving Avaaz in 2007, he was
still listed as one of the independent contractors for the organisation.

Paul Berry was CTO of the Huffington Post up until the end of 2011. His
LinkedIn account says he finshed building “the first phase of Avaaz.org in
March”, although does not specify the year. He is now CEO of RebelMouse, a
social media startup.

The body’s growing revenue may indicate that it is not desperate for money.
In 2009, president Ricken Patel received a $120,000 salary. The following
year, this went up to $177,863. The body, which is a “wholly member-funded”
organisation, posted a total revenue of $6,664,634 in 2010, up from
$4,784,120 in 2009. In 2010, total expenses were $5,574,908. There are no
figures for 2011 available yet.

The accounting report for 2010 says “compensation for the executive
director was determined by the board based on a study carried out for a
comparable organisation.

Avaaz says it has a core team across six continents and thousands of
volunteers. It has a member base of 14,267,571.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20120504/3fdc97b1/attachment.html>