In case Whale Oil gets taken down again here is an up-again explainer post.
(By a different Pete on January 30, 2014)
Hi everyone. We’re back. For now.
No doubt Cam will be given more of his view of what happened. His experience is much more visceral. It kind of gets hard to go “oh, it’s just some idiots, it’s not real” when they tell you they’re going to tie your daughter down and pack rape her.
No doubt this article won’t answer all your questions. Please put your questions in the comments, and I’ll address the popular ones in a follow-up article. Upvote the ones you like, so I can see what is on your collective minds.
This article will also be longer than the ones you’re used to. A lot has happened.
Some of you will want to know the finer technical details about the attack, and what we’ve done to mitigate it so far. The simplest rule of security is: security by obscurity. That means, we’re not going to tell you anything that isn’t already in the public domain, or easily discovered.
A quick recap is in order. Cam published a post about some ferals on the West Coast of the South Island. You’re probably familiar with it by now.
The “Feral” article went unnoticed in a larger sense until a Greymouth Evening Star reporter phoned Cam and had a chat along the lines of “What do you think you’re doing? Do you even know these people?”.
Now, if you’ve ever heard Cameron Slater on the phone with other media, he’s quite used to saying outrageous things. But generally, the person on the other end of the phone will say “Can I quote you on that?”, and then Cam goes, “No, of course you can’t”. If only you could hear some of the conversations – they’re very entertaining.
The reporter never told Cam that he was “on the record”. Cam simply had a robust chat, including his usual style of telling people to harden up, and that was the end of that call.
The Greymouth Evening Star reporter had this one in the can – no doubt recorded – and as a result something to report on slightly more interesting than the fact another Hector dolphin had been sighted off a local beach.
After a few hours, the Whaleoil Facebook page was starting to get hit by people outraged at Cam’s insensitivity. In my view, fair call. But then we’re used to Cam’s insensitivities around here. It comes with the package.
Not much later, the feedback started flowing onto the blog as well.
But then something changed.
Instead of message of outrage, calling for apologies, retractions, etc, the mood turned sinister. Direct phone calls and text messages to Cam were promising to hurt him, kill him, hurt or kill his family, or encouraged Cameron Slater to take his own life.
Quite amazingly, these threats also started to openly come through on Facebook and on the blog.
I weeded most of them out on the blog, and Cam was busy managing the Facebook page.
Next thing we know, later that night, whaleoil.co.nz was under an “attack” that essentially means it is overwhelmed and for all intents and purposes, it becomes inaccessible to the rest of you.
There isn’t anything specifically clever about it. If you or your company runs a website, any of us have the tools to shut it down. Just like any of us have the tools to take a life.
The major problem we were facing is that our old hosting company, Linode, really only concern themselves with self-preservation. Their approach to recognising an attack is to take the target site off-line and wait until the attack goes away.
This seems quite sensible, until you get under the covers and ask for some help. And then there is a lot of “we feel your pain, we really like to, our policy is…” etc, all coming back to: No.
It is no surprise we are no longer with Linode. As a company, they have been – let’s be friendly – too pragmatic and concerned for their own network, and are apparently unable to step outside their self protection mode to help out.
Because when they cut whaleoil.co.nz off from the Internet, it also meant we couldn’t see who or what was going on. All we got was a “you’re under attack, you’re allowed back on when it stops”.
This was hugely frustrating, and culminated in a message that essentially told us we needed a US Court order to get them to tell us any detail of the attack “in case we were going to use any information in retaliation”.
I can assure you, it is very hard to fix a problem when you’re not allowed access to it to see what the problem is.
Linode? Never again.
Next problem? How to get about 50GB of data off a server that you don’t have access to.
Do you think Linode gave us a hand? Well, since it was obvious to them we were in the process of leaving as a customer, I don’t think they saw the value in suddenly ramping up their customer service levels.
Linode? Never again.
The somewhat humourous situation was that the denial of service (DOS) attack was completely irrelevant to us. Our nemesis was our own hosting company! Absurd.
Because, at the first instance, we didn’t expect to be fighting the enemy within, we weren’t making any plans to move to a different hosting provider. That was one day down the drain. Then, when the fight of getting our data off started, that chewed up the next day.
It did allow us the time to do something else with the DOS attack. Since we were down and out anyway, and we weren’t looking to fix it to get the site to stand back up at Linode, we also asked the Police Cyber Crime unit to get involved. Not only is a DOS attack illegal, death threats had been made, and it had to be determined if the DOS attack and death threats were linked.
Our first guess, on day one, was that the Scoop “India Branch” were responsible for the attack. After all, only hours earlier Whaleoil published an article showing the Scoop Media’s public Alexa data shows that not even 11% of their web site visitors come from New Zealand. Instead, nearly 65% of Scoop’s web site traffic comes from India and Pakistan.
It seemed obvious, and due to the nature of the attack, the source could easily have been Scoop’s friends. But hours into the problem, that was only a guess.
Next, we had upset some people around Greymouth. And one of the “hackers” posted a few Facebook messages from a freshly minted Facebook account among all the other real Facebook accounts boasting that he was attacking Whaleoil.
This appeared immediately odd, because the likelihood of a few dozen people on the West Coast bringing (what turned out to be) a fairly well resourced attack to bear wasn’t likely.
So that really left us with one other option. We can’t speculate in public, although I’m sure you will. Just be clear that we can’t for obvious legal reasons, confirm or deny.
We know who’s behind it. We can’t prove it in a court of law. So the only thing we can do is keep our mouth shut, protect our systems as best as possible, and carry on.
The drive to leave even a veiled hint as to what we know is quite huge, but I’m sorry to say, this one will have to be fought out in a different way. Once it is all over, we may be able to tell you how it all came about.
So to be clear, the Scoop “India Traffic” scandal, the West Coast “Feral” problem, and our DOS attack are 3 distinctly different things that aren’t linked other than the fact we happened to be covering these issues at the time.
Although being off the air for several days has been hugely frustrating for all of us, the actual damage has been quite minimal. About 10% of some ad revenue is lost. Of course we’ve incurred some bills behind the scenes for additional service and the use of some guru brains.
But instead, Whaleoil has been the lead story in the media for two days. Our profile is continuing to increase. And the offers of help, financial and practical, have been as humbling as they have been generous.
And the thing is – whatever the attacker thinks has been achieved – it has at best delayed it by a few days. Because Whaleoil is back, and none of the stories that are in the pipeline have been pulled. If anything, it’s simply ensured that even more of them will come out over the coming weeks.
Thanks everyone, for your best wishes. Sorry you had such a hole in your day for a while. It’s back to business as usual. Unless the attacker’s aim is to have us off the air permanently. It will be fascinating to see how determined the attacker is in keeping Whaleoil muted.
If it becomes clear that this isn’t a mere act of personal spite and digital vandalism, but it is part of a prolonged and genuine effort to silence Whaleoil, we will simply have to fight fire with fire.
We will not be silenced.