Information Sharing on Our Cyber Attacks Today and Last Week

Benjamin Wittes
Tuesday, December 17, 2013, 5:40 PM
Published by The Lawfare Institute
in Cooperation With
Brookings

They say that the lack of information sharing is one of the major exacerbating factors behind cyber-insecurity. So I've decided that Lawfare is going to be entirely transparent about the attacks against our system last week and today. Last Wednesday, Lawfare experienced a brief outage, which our tech folks at Blue Water Media quickly got under control. The following day, I received an email informing me that "Last evening, the server hosting lawfareblog.com was subjected to a malicious Distributed Denial of Service attack (DDoS). Our hosting engineers detected the attack, identified the attacking IP addresses, and blocked them at the network level, successfully stopping the attack." The attacking IP addresses, both in the Netherlands, were identified as:
89.248.171.108
94.102.63.246
The Blue Water Media folks stressed---as do I now---that "since most DDoS attacks come from stolen IPs, through malware or injections, this does not provide concrete information." Today, the attacks began anew---again, all from servers in the Netherlands. First from this one:
93.174.93.123
And when that got blocked, from a bunch of others:
As I say, I have no idea who is behind this, and the people who run the servers associated with these IP addresses may be entirely innocent malware victims. But in the spirit of sharing data about cyber-attacks, this is the information I've got on ours---for any individuals, companies, or law enforcement agencies for whom it might prove useful.

Benjamin Wittes is editor in chief of Lawfare and a Senior Fellow in Governance Studies at the Brookings Institution. He is the author of several books.
