Las Vegas Sun

November 26, 2014

Currently: 65° — Complete forecast | Log in | Create an account

Las Vegas Sun, sister websites recover from disruptive cyberattack

Updated Saturday, Nov. 24, 2012 | 9:53 p.m.

Four Greenspun Media Group websites -- lasvegassun.com, lasvegasweekly.com, vegasinc.com and vegasdeluxe.com -- were temporarily disabled or compromised for several hours Friday night into Saturday morning, the results of a cyberattack that effectively overwhelmed servers that maintain the online media sites.

Those who did gain access may have noticed that content hadn't been updated in some cases. Later, after those issues had been resolved, some users were involuntarily redirected from one site to another — for example, trying to access the Sun site and winding up at the Weekly site. This is the result of a cyberattack known as “Distributed Denial of Services,” or DDoS.

“The idea of a DDoS is to block service from happening,” San Francisco-based IT and Web operations freelancer Yaakov Nemoy said. “If somebody has a service running, like Amazon, it would block people from accessing it. In this case, it is preventing people from reaching the newspaper site.”

Such attacks overwhelm a website so it shuts down, but don't infect the sites with a virus.

Nemoy said that a DDoS attack usually involves a network of computers known as a “botnet,” controlled by an attacker and operated remotely, typically without the knowledge of their owners. The botnet, which can be made up of hundreds of thousands of computers worldwide, can be given instructions to send information to a targeted website server, swamping it with data and prohibiting other legitimate users from gaining access to it. Either for fun, malicious mischief or criminal intent such as for extortion, people can launch an attack simply with certain software and renting botnet time from their creators.

“It used to be that only tech savvy people could do it,” Nemoy said. “But the tech savvy people have decided to make (their services) a business model.”

For the target of the DDoS attack, the result could be not only a drop in traffic to that site but loss of revenue, said Nemoy, who has dealt with two large-scale DDoS attacks.

There have been reported DDoS attacks on banks, small businesses and larger sites such as PayPal. In the Sun’s case, the attack easily overwhelmed the CenturyLink servers that operate the Greenspun Media Group sites.

A CenturyLink spokesperson was unavailable to comment.

Jeremiah Gowdy, who works as a systems architect for FreedomVoice Systems, said DDoS attacks have become more common in recent years, with access to botnets more easily obtained through prepaid credit cards that prevent law enforcement from tracking the person paying for it. Investigations into the attacks are further stymied because the data flood is generated by computers that were taken over by remote operators, without the knowledge of the computer owners.

Defending against DDoS attacks can cost smaller businesses thousands of dollars, even though an attack may never occur.

“It’s so hard to associate the people involved in the attack to prosecute the people that need to be punished,” Gowdy said.

Greenspun Media Group, which operates the sites, is working to return site operations to normal. The attack will also be reported to legal authorities.

“We worked literally around the clock to solve the problems stemming from this attack, and we’ll keep working until service is completely back to normal,” said GMG Managing Editor Ric Anderson. “In the meantime, we thank our visitors for their patience.”

Join the Discussion:

Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.

Full comments policy

Previous Discussion: 6 comments so far…

Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy. Additionally, we now display comments from trusted commenters by default. Those wishing to become a trusted commenter need to verify their identity or sign in with Facebook Connect to tie their Facebook account to their Las Vegas Sun account. For more on this change, read our story about how it works and why we did it.

Only trusted comments are displayed on this page. Untrusted comments have expired from this story.

  1. Conservative funny business?

  2. I never noticed. Sorry.

  3. Liberal funny business?

  4. Independent funny business?

  5. Now I see why I could not access the site early in the morning. I find it disturbing that someone would try such a terroristic tactic to quiet the site. There are certain things that are inviolable in the United States; an important one of them being freedom of speech. I normally disagree with the Sun's "speech" but feel free to refute it with speech of my own, as do many other posters on the site. In this instance, whether we are left, right or just don't give damn, I believe the vast majority of us can agree that's a much better way than to try and stifle free speech.

  6. In some ways it is unfortunate that victims of various attacks can no longer legally take steps to extract revenge in ways that were common back at the beginning.

    "Mail bombs" were a common response, as was reverse-cracking. Although it might be satisfying to take down an attacker's system, I do not suggest that anyone do this since you will now face the same criminal charges as your attacker does.

    I hope the Sun's provider gets on the ball and helps with defense against this in the future. There is nothing that can be done to prevent such an attack, but steps can be taken at the ISP level to mitigate it.