Media sites brace for hactivist attacks

Traditional news companies and other websites covering this year's presidential election are preparing for a flood of Web traffic over the coming months, and not just from political junkies. Politically motivated hactivist attacks have become a top concern among companies providing election coverage online.

RELATED: Senate delays, maybe kills, cybersecurity bill

Bill Wheaton, senior vice president and general manager of Akamai's media division, says the 2012 election could generate roughly four to five times as much Web traffic as it did in 2008. At peak hours, he estimates that as many as 4 million people could be streaming coverage of the election simultaneously, as a result of the increase in devices and social networks facilitating access to streamed content.

RELATED: Whose high-tech exec job hinges on the presidential election?

"If you look at the coverage that the cable news networks are going to be providing online, they're going to allow you to cut to a lot of live feeds for different types of debates, and events and speeches and so on, much more than they could ever put on television," Wheaton says. "So the amount of content that they're going to make available is going to go up exponentially."

Naturally, news companies and other websites providing live streaming of election-related events have a lot on the line this year. As a content delivery network, Akamai works directly with such news sites as CNN, Fox News and Turner Broadcasting to ensure their Web broadcasts aren't interrupted. Coverage of this year's election has made for the first instance in which content providers are expressing concerns about hactivists launching distributed denial-of-service (DDoS) attacks, Wheaton says.

"They're looking out for all sorts of hackers," Wheaton says. "As you've seen, the activists move online in a much more aggressive way, and so news organizations have been attacked, as have presidential candidates. And obviously governmental sites have been attacked and that's been in the news quite a bit."

Indeed, hactivist targets of the past have included CNN's website, Fox News political correspondent Bill O'Reilly, and even the websites of the Department of Justice and the FBI. Through the first half of 2012, DDoS attacks increased 70% compared to the same period in 2011, according to research that website defense provider Prolexic provided to USA Today last month. A separate survey of Internet service providers released by Arbor Networks earlier this year concluded that "ideologically motivated 'hacktivism' and vandalism are the most readily identified DDoS attack motivations." 

Content providers have been familiar with DDoS attacks for years. What's so concerning now is how much more severe the attacks have become, says Tom Hughes, managing director of nonprofit hosting provider Hughes, who works with independent news sites in such countries as Iran and Myanmar, and has seen DDoS attacks launched by state-sponsored entities as a form of media censorship, says more media companies may be concerned about DDoS now simply because the attacks have become far more severe.

"The scale and the length of the attacks are growing exponentially," Hughes says. "It's growing at an incredibly rapid pace. What we would have considered to be a big attack a few years ago is now almost peanuts. The scaling up is going very quickly."

Years ago, common DDoS attacks would keep a website down for a few hours, in some cases "a day or two," Hughes says. Now, those attacks are bringing websites down for weeks at a time, including one case Hughes saw that put a website out of commission for 21 days.

"That's a hell of an attack," he added. "It goes on for a very long time, and 21 days would obviously kill any news media, in terms of operations."

However, contrary to what Wheaton has seen, Hughes says concern about DDoS does not necessarily translate into action.

"I'm not going to name any names, but I've come across a number of Western media outlets that are not prepared for this, and who basically admit as such," Hughes says.

He says that many media companies recognize that they need to protect against DDoS attacks, but adds that "particularly at a time when advertising budgets are shrinking and so on and so forth, it's a difficult prioritization for them to make."

At the same time, politically motivated attacks may become more likely in the coming months leading up to the election, with the national spotlight on related events, such as the Republican and Democratic National Conventions beginning in late August.

"The Internet, what it fundamentally is, is a tool which empowers and can be used by those that are not in control of processes in a country," Hughes says. "And whether that be the Occupy movement, hactivists or 'Anonymous,' or whoever it is, they are using it as a type of tool to try and, in their view, level the playing field."

Though they've seen different trends to this point, Wheaton and Hughes agree that the standard website, be it for news coverage or campaign purposes, cannot protect itself from DDoS without some kind of assistance. The election only raises the stakes on those willing to risk it on their own.

"Those websites are really important when it comes to fundraising and communicating with their constituents and all those things," Wheaton says. "They have to be up 100% of the time and can't be down due to attacks by various protestors or organizers."

Colin Neagle covers emerging technologies, privacy and enterprise mobility for Network World. Follow him on Twitter @ntwrkwrldneagle and keep up with the Microsoft, Cisco and Open Source community blogs. Colin's email address is

Read more about wide area network in Network World's Wide Area Network section.

Show Comments