Blue Security site recovers from attack

The website of Israel-based Blue Security is operational today after it sustained a nearly weeklong DDoS attack that apparently was in retaliation for the company's anti-spam business model.

"A desperate spammer tried to destroy our community last week: he failed," Eran Reshef, Blue Security CEO and chairman, said in a letter posted on the site. "The attack he unleashed knocked BlueSecurity.com and many thousands of other sites off the internet."

For nearly eight hours last week, the ambush also crashed TypePad and LiveJournal services belonging to blog host Six Apart, internet monitoring company Netcraft reported. While experiencing the DDoS attacks, Blue Security redirected web traffic to a restored Six Apart blog, which subsequently was attacked.

LiveJournal is home to more than 1.8 million blogs, while TypePad hosts thousands more, Netcraft said.

"Rather than simply comply with our community's desire to not receive spam from him, he unleashed the internet equivalent of a 'Doomsday Device,' causing BlueSecurity.com to be disconnected from the internet backbone and then unleashing a massive (DoS) attack, the likes of which have not been seen for a long time," Reshef said.

Blue Security – with offices in Menlo Park, Calif. – presumably was the target of the attack because of its Blue Frog anti-spam service, which lets members join a Do Not Intrude Registry. If the spammer continues to send messages to registry members, the service sends mass unsubscribe requests to the website advertised in the spam emails.

"If spam messages are sent to Blue Community members, in violation of the registry, Blue Security identifies the merchant's website advertised in the messages and issues an initial request asking the merchant to stop sending spam to the community," according to Blue Security. "If these requests are not resolved...Blue Security develops a script that includes a set of instructions how to submit an opt-out complaint on the merchant's website."

The number of unsubscribe requests sent to the website does not exceed the number of spam messages received, the company said.

Because many other sites were disrupted, experts have criticized Blue Security for redirecting traffic elsewhere, saying company officials should have known the attacks would follow them to the new site and affect thousands of other blogs.

"A lot of other innocent websites got caught in the spammer's line of fire besides us," Reshef said. "We're sorry that the digital bullets meant for us hit you, too."

Guy Rosen, a Blue Security analyst, told the SANS Internet Storm Center in an email last week that the company website began receiving spam-based threats and accusations last Monday. He did not elaborate on their content.

By Tuesday, major DDoS attacks were launched on the service's servers "with adverse effects to several different hosting facilities in which they were located," Rosen said.

In response, the company redirected traffic to the blog, he said. Within an hour, though, hackers began launching DDoS attacks against that site. On Thursday, the attacks continued at an estimated rate of 10 million packets per second as Blue Security worked to relocate its servers. Service restoration began Friday.
