Rolling Stone allegedly DDoSed for negative story

Perverted Justice


Federal prosecutors accused a Pennsylvania man of unleashing a crippling series of attacks against the websites of Rolling Stone and other groups after they published articles that cast him in an unfavorable light.

Bruce Raisley carried out the DDoS, or distributed denial of service, attacks by infecting computers with software and then directing them to overwhelm the websites with a torrent of traffic. At the height of the attack on Rolling Stone in July 2007, requests for the unflattering article skyrocketed from a "few page requests per day to millions of page requests per day, causing the website to experience significant slowdown," an FBI agent wrote.

Raisley entered a plea of not guilty during a brief court hearing on Tuesday afternoon, according to Erez Liebermann, an assistant US attorney handling the case.

Other websites that were attacked over an eight-month period included Perverted Justice, Corrupted Justice and Super Patriot. The sites carried one of two stories detailing the actions of a group known as Perverted Justice.

Both articles recount the same story of an online relationship Raisley was said to have begun with someone he believed to be a woman named Holly. According to the articles, Holly turned out to be Perverted Justice leader Xavier Von Erck, who carried out the masquerade in a public campaign to exact revenge on Raisley. According to the complaint, Raisley was a volunteer with Perverted Justice in 2004.

Investigators tracing the origins of the attacks got a major leg up after discovering that one of the computers carrying them out belonged to the Academic and Research Network of Slovenia, which among other things helps run the Slovenian Computer Emergency Response Team.

CERT members were able to reverse engineer the bot and discover it was reporting to dosdragon.com and n9zle.com for instructions about which websites to attack, a finding that was later independently confirmed by members of the US CERT. (If the bot was unable to reach the command and control channels, it was instructed to DoS a static list of sites.) FBI agents later discovered that both domains and their IP addresses were under Raisley's control, according to court documents.

During a March 2008 raid on Raisley's Monaca, Pennsylvania home, agents confiscated a memory stick that contained copies of the bot software. A hearing in the case is scheduled for July 20. ®


Biting the hand that feeds IT © 1998–2022