Criminal Investigation Begins
State and Federal authorities have begun an investigation into the hacking of Joe Lieberman's website on the eve of the primary. Even though there were many left pundits who swore it had nothing to do with hacking, but tried to say it was unpaid bills, it appears to have been a genuine attack. Authorities are proceeding on that basis.
The site, Joe2006.com, appeared to have suffered from a so-called "denial of service" attack, in which computers overwhelm a site with fake traffic so real visitors can't get through, said Richard M. Smith, an Internet security consultant in Brookline, Mass.
The Lieberman campaign denied speculation among liberal Web pundits that the centrist Democrat's Web site had simply crashed because it used a low-budget Web host unable to handle the volume.
Web hosting can cost anywhere from a few dollars a month for a personal Web site to thousands of dollars for large corporate sites.
The campaign spends about $100 to $150 a month on Web hosting services with MyHostCamp, said Dan Geary, who administers the site for the campaign. Geary said that MyHostCamp, which is owned by a friend of Geary's, gave the site more than enough bandwidth — 200 gigabytes a month — to handle a crush of visitors.
He said an analysis of the server suggested an attack that focused on specific components of the Web site such as internal files and e-mail.
But Smith said that even if there's enough capacity, as important is the amount of security it has to keep intruders out.
"There are measures that can be implemented to protect against this type of attack," Smith said. "I think they went a little cheap here. This kind of looked like a low-budget hosting service."
Geary insists security was adequate, saying MyHostCamp's servers are monitored by a larger company, Server Matrix, and administered by a major Web hosting company, The Planet.
"Was it the greatest security ever? Well it just got hacked so, no," Geary said. "But we had industry-standard security. We could stop bows and arrows and bullets, but not a tank, and that's what this attack was."
Joseph E. Horzepa, general counsel for The Planet, said he could not comment on specific customer issues, but said the company was "very sensitive to security."
The FBI is involved in the investigation. It will be extremely interesting to see who they nab.
Uncategorized | Gaius Thursday, 10 August , 2006
By Fersboo, Thursday, 10 August , 2006 @ 3:04 pm
Say it isn’t so! I was led to believe that only Rethugicans played dirty tricks on election day.
By Scott W. Somerville, Thursday, 10 August , 2006 @ 3:13 pm
I started off by ASSUMING it was a hack… but I’ve just been learning about bandwidth for my own storefront site, and hadn’t realized that you have to pay for your bandwidth up front, and they turn off your site if you exceed it.
Of course…
That makes it all too easy to crash an under-engineered site. You just write a script to hit it and download everything it’s got until you suck the bandwidth dry. Then (knowing exactly WHY the bandwidth bills weren’t paid) you point out that Senator Joe is too cheap to pay his web bills. (Insult to injury!)
Of course… the site could actually have just been underengineered. Blogs have been known to crash after an Instalanche. But it’s worth investigating–and if a script generated the hits, it’s at least as much of a civil rights violation as any of the stuff they say happened in Florida in 2000.
By Gaius, Thursday, 10 August , 2006 @ 3:18 pm
It sounds like two things - there was a hack, then there was a DDOS. Actually, it’s pretty hard to exceed 200 Gb by just casual traffic. My service will automatically give me extra bandwidth (for a fee of course).