[liberationtech] Message from Ricken on Avaaz cyberattack
Yosem Companys
companys at stanford.edu
Tue May 8 12:40:36 PDT 2012
Just a constructive suggestion to potential Liberationtech entrepreneurs
out there that is being raised from this debate:
- Non-profits need some organization to help them deal with cyber
attacks, so they don't have to spend $35,000 to protect themselves. Such
an organization would tap into the best crypto expertise on a pro-bono
basis to help these organizations.
Anybody out there interested in taking something like this on?
Yosem
On Tue, May 8, 2012 at 12:28 PM, Yvette Alberdingkthijm
<yvette at witness.org> wrote:
> Hi List,
>
> As someone who learns from and very much enjoys the community of this
> list, but also someone who runs an NGO - always hungry for more funding…to
> support the many out there who use video to document and protect human
> rights,
> I am a little concerned about the nature of this debate. Of course
> transparency and facts are paramount in positioning any issue, fundraising
> effort, or tech solution publicly. But the goal of this list's involvement
> is hopefully - as some folks have done, to provide a critical eye, call out
> the obvious untruths but then offer a helping technology hand. Not (in
> extremis) to catch every non-profit on the literal accuracy of every word
> it publishes. There is a debate to be had in this instance on the merits of
> these kinds of calls for help (any fundraising calls and positions we take,
> frankly) - from various angles (effectiveness, community building, or
> reputation and credibility), but not sure if beyond that critical eye that
> is the calling of this list…
>
> YAT
>
>
> Yvette J. Alberdingk Thijm
> Executive Director
> WITNESS
> 80 Hanson Place
> Brooklyn, NY 11217
> phone: + 1(718) 783 2271
> europe: +31 619031122
> mobile: + 1 (347) 210 0152
>
> skype: yvette-a or witnessyvette
> email: yvette at witness.org
> twitter: @yvettethijm, @witnessorg, #video4change
> blog: blog.witness.org
>
>
> When elephants fight, the grass suffers
>
> On May 8, 2012, at 11:51 AM, jim youll wrote:
>
> Having dealt with these problems at various scales (but perhaps not at
> this scale - the facts are fuzzy) I am made very uneasy by the amount of
> money that is claimed both spent and additionally necessary for "DDOS
> protection." Those would be appropriate sums to pay an extortionist as
> "protection money" but they seem to be talking about technology spending
> here, and the whole story is just too much hyperbole and not much that
> seems reasonable at any scale, particularly the overt declaration that
> "DDOS protection" (whatever that means) is a linear function of money
> applied (above a threshold that imo should have been passed several tens
> of thousands of dollars ago)
>
> Yosem Companys <companys at stanford.edu> wrote:
>>
>> *Message from Ricken on Avaaz cyberattack: *
>>
>> Hi all - I've heard there's some concern on your list about Avaaz's DDoS
>> trouble. Thanks so much for the offers of help, much appreciated and I know
>> some of you have been great allies in the past, but I think we've got great
>> people working on it and the attack ended last week. Also surprised to hear
>> some of you thought we made this up! If you want to ask a third party,
>> Datagram, Arbor Networks and to a lesser degree Croscon were the three groups
>> involved that we asked for advice and help from.
>>
>> The other concern I heard is, was this an exaggerated fundraising ploy?
>> Datagram told our tech team it was one of the largest attacks they'd seen,
>> and if we hadn't just 8 weeks ago spent $35k on much fancier DDoS
>> protection it would have completely disabled our site for days. They also
>> said the attacker was constantly adapting to our defenses, the attack was
>> surprisingly sustained, and a key origin appeared to be Amsterdam where we
>> were told some groups for hire operated from - suggesting someone was
>> paying for this. All that triggered our level of concern in writing the
>> fundraiser. Over the last 6 months, we've grown by an average of almost
>> 300,000 people per week, so being disabled for a few days can be super
>> costly. When we brought the guys from Arbor Networks in, they dialed down
>> the concern a little bit, questioning the Amsterdam part, and saying it was
>> bigger than the large majority of DDoS attacks, but much larger ones were
>> possible. But that last bit also dialed up our concern, because we knew we
>> were at the limits of what we could handle and we didn't have budget for
>> more. That had been the main reason for the fundraiser.
>>
>> And yes, of course we need the money - both for more DDoS protection and
>> also for ramping up our tech security across the board - there was a short
>> list of things in the email. That list also dealt with a wider range of
>> needs, including the physical security of our staff in places like Russia
>> and Lebanon, which also has a tech security component to it. Our community
>> was extremely supportive so we ended up raising more than we need
>> immediately, but this is the first appeal like this we've done in 5 years
>> and we probably won't do another for a long while, so the money has to
>> last. That's part of how online organizing works - you leverage bursts of
>> engagement with particular campaigns and issues to support longer term
>> objectives sustainably. If we find that our plans mean we don't anticipate
>> using a lot of the money for the purpose raised, we email the donors and
>> ask them to either request a refund or tell us what we can use the
>> remainder of the funds for.
>>
>> Hope that helps, and I hope you'll forgive us for a few days delay in
>> replying and not being able to engage and collaborate with you all like we
>> would if we were more a part of your community. We have a small team
>> working in a dozen languages with staff spread across the world, and cover
>> an enormous number of issues in an enormous number of countries. We run
>> about 10-14 campaigns per week, and every campaign we run has a relevant
>> civil society community and often several in different countries (e.g. a
>> French tech community is also demanding our engagement on this one, and
>> even threatening us with a DDoS attack if we don't!). So while I am told
>> that you have norms about collaboration and engagement among you, I regret
>> that we can't follow them. Hope you'll forgive us and judge us by the
>> quality of our work over time. Good luck to you with yours.
>>
>> Ricken
>>