By REBECCA RUTHERFORD
Los Alamos
This week popular fan-fiction site, Archive of Our Own, was taken offline intermittently for a day due to a DDoS (Distributed Denial of Service) attack. What is a DDoS attack? From CloudFlare; a distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Archive of Our Own is a website hosting a wide collection of fan-fiction for various fandoms, including Harry Potter, Star Wars, Marvel Universe and many, many more. The site encourages fans to express their creativity with whatever universe they love, and the site is LGBTQ friendly and does host some NSFW (not safe for work) content. The site is the largest archive of fan-fiction in the world, and one of the most highly trafficked sites on the internet.
The site was first reported down on July 10 via their Twitter account:
Several hours later, AO3 stated that it “look[ed] like the Archive [wa]s under a DDoS attack”, and let users know that it was “working on countermeasures” and promising that the site would be up again soon.
The attack appears to have been perpetrated by Anonymous Sudan, a hacktivist collective that claims to be an Islamic terrorist gang, though this claim has been disputed by cybersecurity experts. The group also recently targeted Microsoft Outlook, UPS, and Scandinavian Airlines, causing major issues for all the services, at least briefly. Anonymous Sudan claimed to be responsible for the DDoS attack, then posted a ransom of $30,000 USD in Bitcoin on its Telegram page. The group stated that it would continue their attack of AO3 for “weeks”, but the attack was patched fairly quickly with the site regaining functionality within a day. For a site largely run by volunteer admins, this recovery was remarkable.
The main site has been restored, though sites hosting donations supporting the site remain down, with Anonymous Sudan continuing to claim responsibility for the attack, and citing “moral objections” to the site’s NSFW and LGBTQ content. It appears much more likely the attack is just an attempt to extort money from a website that relies largely on donations.
Recent blog posts from AO3 note that they are working to mitigate the attacks, no user data has been compromised, and site users should proceed to use the site normally.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.