Chinese Hackers Behind WordPress.com Attack

Chinese hackers may have had commercial, not political, motivation for the large DDoS attacks that brought WordPress.com to its knees last week.

WordPress.com was hit by a series of distributed denial of service attacks on 4 March, less than a day after recovering from a massive attack on 3 March, the company said. Parent company Automattic managed to mitigate the attack an hour after it began in the early morning, according to its status page.

Huge attack

The fourth attack in two days came in a “different form” than the earlier attack, Automattic said. The earlier attack, on 3 March, was the largest DDoS attack in its six-year history, and affected connectivity on its network of several million blogs, according to site founder Matt Mullenweg.

WordPress.com appeared to have operated normally over the weekend and reported no new issues.

WordPress.com founder Matt Mullenweg originally speculated the attacks may have been politically motivated and aimed at a Chinese-language blog that was on the WordPress platform but blocked by Chinese search engine Baidu. However, on further analysis, the primary motivation appeared to be more commercial than political, with 98 percent of the attacks originating in China, Mullenweg told ComputerWorld.

Automattic declined to provide any additional details about the attacks.

WordPress.com sees DDoS attacks fairly frequently, but having its three data centres spread out geographically in Chicago, Dallas and San Antonio makes the infrastructure strong enough to withstand most of them, according to Mullenweg. The attacks were significantly larger than usual, with WordPress.com being pummelled by multiple gigabits per second and tens of millions of packets per second, the company wrote in a blog post for its VIP customers after the first attack.

Companies generally rely on a geographically disparate network and a big bandwidth pipe to withstand large DDoS attacks, Jason Hoffman, co-founder and chief scientist at cloud provider Joyent, told eWEEK. Having as much as 50 percent more bandwidth than needed gives companies some buffer against these kinds of attacks, he said.

With botnets and cheap cloud-computing services at the attackers’ disposal, large DDoS attacks are becoming a possibility.

A slew of South Korean sites were also hit with a botnet-driven DDoS attack during the same time period. The attack targeted 29 sites, including various government ministries, the National Assembly, sites belonging to the United States military in South Korea and various banking services, and briefly shut down an online stock exchange. The Korea Internet Security Agency said the attack had been traced to about 21,000 zombie PCs, according to JoongAng Daily, a local Korean news site.

Recent attacks

Hackers originating from China have been behind several major cyber-attacks recently. In a campaign dubbed Night Dragon by McAfee, hackers have used a combination of spear-phishing, social engineering, Windows bugs and remote administration tools to attack five energy companies since November 2009. A number of highly sensitive documents, including bid negotiations, oil and gas field exploration reports, and operational detail on SCADA systems monitoring oil and gas field production, have been stolen from these unnamed companies, according to McAfee. The attacks on these unnamed companies in the oil, energy and petrochemical sector are still ongoing.

Google announced in January 2010 it was hit by Chinese attackers over a six-month period in what McAfee called Operation Aurora. In this operation, attackers rifled through Gmail account information for several human rights activists in China. Confidential HBGary email leaked by hacktivist group Anonymous indicated Morgan Stanley may also have been targeted by the Aurora hackers.

The Chinese government has vehemently denied each of these accusations. “The allegation that China supports hacking is groundless,” foreign ministry spokesman Ma Zhaoxu told reporters during a regular briefing in February, according to the Associated Press.

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.
