[liberationtech] Message from Ricken on Avaaz cyberattack

Yosem Companys companys at stanford.edu
Tue May 8 11:29:58 PDT 2012


*Message from Ricken on Avaaz cyberattack:*

Hi all - I've heard there's some concern on your list about Avaaz's DDoS
trouble. Thanks so much for the offers of help, much appreciated and I know
some of you have been great allies in the past, but I think we've got great
people working on it and the attack ended last week. Also surprised to hear
some of you thought we made this up! If you want to ask a third party,
Datagram, Arbor Networks and to a lesser degree Croscon were the three groups
involved that we asked for advice and help from.

The other concern I heard is, was this an exaggerated fundraising ploy?
Datagram told our tech team it was one of the largest attacks they'd seen,
and if we hadn't just 8 weeks ago spent $35k on much fancier DDoS
protection it would have completely disabled our site for days. They also
said the attacker was constantly adapting to our defenses, the attack was
surprisingly sustained, and a key origin appeared to be Amsterdam where we
were told some groups for hire operated from - suggesting someone was
paying for this. All that triggered our level of concern in writing the
fundraiser. Over the last 6 months, we've grown by an average of almost
300,000 people per week, so being disabled for a few days can be super
costly. When we brought the guys from Arbor Networks in, they dialed down
the concern a little bit, questioning the Amsterdam part, and saying it was
bigger than the large majority of DDoS attacks, but much larger ones were
possible. But that last bit also dialed up our concern, because we knew we
were at the limits of what we could handle and we didn't have budget for
more. That had been the main reason for the fundraiser.

And yes, of course we need the money - both for more DDoS protection and
also for ramping up our tech security across the board - there was a short
list of things in the email. That list also dealt with a wider range of
needs, including the physical security of our staff in places like Russia
and Lebanon, which also has a tech security component to it. Our community
was extremely supportive so we ended up raising more than we need
immediately, but this is the first appeal like this we've done in 5 years
and we probably won't do another for a long while, so the money has to
last. That's part of how online organizing works - you leverage bursts of
engagement with particular campaigns and issues to support longer term
objectives sustainably. If we find that our plans mean we don't anticipate
using a lot of the money for the purpose raised, we email the donors and
ask them to either request a refund or tell us what we can use the
remainder of the funds for.

Hope that helps, and I hope you'll forgive us for a few days' delay in
replying and not being able to engage and collaborate with you all like we
would if we were more a part of your community. We have a small team
working in a dozen languages with staff spread across the world, and cover
an enormous number of issues in an enormous number of countries. We run
about 10-14 campaigns per week, and every campaign we run has a relevant
civil society community and often several in different countries (e.g. a
French tech community is also demanding our engagement on this one, and
even threatening us with a DDoS attack if we don't!). So while I am told
that you have norms about collaboration and engagement among you, I regret
that we can't follow them. Hope you'll forgive us and judge us by the
quality of our work over time. Good luck to you with yours.

Ricken