A Security Update
Many thanks to everyone who has responded to my post Saturday morning about our security issues. Thanks to all who made contributions. Thanks to the cybersecurity professionals (and amateurs) who have reached out with advice and suggestions. Thanks as well to the companies that have offered assistance. And thanks finally to the many people who disagree with a great deal of what they read on this site yet have supported us---publicly and privately---over the past few days.
Published by The Lawfare Institute
in Cooperation With
Many thanks to everyone who has responded to my post Saturday morning about our security issues. Thanks to all who made contributions. Thanks to the cybersecurity professionals (and amateurs) who have reached out with advice and suggestions. Thanks as well to the companies that have offered assistance. And thanks finally to the many people who disagree with a great deal of what they read on this site yet have supported us---publicly and privately---over the past few days. These sort of attacks are, first and foremost, attacks on speech and disagreement. With that, here's an update.
The good news: We are getting the situation under control and it may not be as bad as we feared on Friday. Our technical management team at Blue Water Media informed me yesterday that, after studying the crashes that took place Friday carefully---crashes that took place in the context of the denial of service attacks we had been experiencing and had certain other features suggestive of an intrusion---they actually do not believe that an intrusion is the likeliest explanation for what happened. While we cannot rule out greater mischief, in other words, we appear at this stage to be largely dealing with denial of service attacks. Moreover, I have managed to restore the posts that mysteriously went missing last week, thanks to the fabulous service provided by the Internet Archive: Wayback Machine, which I used so aggressively this weekend that it actually blocked me, having apparently concluded that I was a denial of service attack. We are taking a series of steps---which, for obvious reasons, I am not going to specify---to make the site more robust against this sort of attack.
Here's the bad news: As many readers found out this morning, when Lawfare was unavailable to a large number of people despite being up and running fine, defensive steps can be---in the short term, anyway---blunt instruments. Protecting against denial of service attacks can lead to, well, denial of service. We appreciate all who called in or tweeted at us information about the site's availability from different locations. It was extremely helpful. (If you cannot access the site, please let us know.) While over the coming days, we expect Lawfare to be both more resilient and to behave more normally from a reader point of view, there may be other glitches between now and then. I ask everyone's forbearance as we work through things.
Honestly, I've never done this before, and it's been, well, an education.
Benjamin Wittes is editor in chief of Lawfare and a Senior Fellow in Governance Studies at the Brookings Institution. He is the author of several books.