The Drudge Report, the highly trafficked conservative news website, has been knocked offline for extended periods of time during the past two weeks, succumbing to large distributed denial of service attacks, according to its founder, Matt Drudge.
And it’s a mystery who’s behind it all.
Drudge wrote on Twitter that a December 30 attack was the “biggest DDoS since [the] site’s inception.”
A DDoS attack is executed by using hijacked computers or electronic devices to flood a website with redundant requests, aiming to overload the website’s hosting server and render it unavailable.
But, according to cybersecurity experts who spoke with Business Insider, using such a method to take down the Drudge Report would not be easy.
The website is already equipped to handle a high volume of visitors and scale out to accommodate spikes in traffic. Moreover, a website that generates so many page views would most likely employ strong defense measures, the cybersecurity experts said.
“The Drudge Report has a massive readership,” said Ajay Arora, the CEO and cofounder of the cybersecurity firm Vera. “Generally someone that has that kind of viewership is going to have sophisticated hosting and counter defenses against DDoS attacks.”
Since emerging in 1996, the Drudge Report has been a home to conservatives who feel disenfranchised by traditional media. Drudge has marketed his website as a news destination not controlled by corporate interests or politicians. And he’s had great success.
SimilarWeb, an analytics firm, continually ranks the Drudge Report as one of the five most trafficked media publishers in the US. According to analytics posted to the website, the Drudge Report has amassed approximately 775 million page views in the past 31 days — all with hardly any traffic coming from social-media channels.
It’s a highly prized target, one that now finds itself under attack by an unknown culprit.
Drudge has pointed the finger at the US government, tweeting that the traffic that downed his website had “VERY suspicious routing [and timing].”
“Attacking coming from ‘thousands’ of sources,” he wrote on the social-media platform. “Of course none of them traceable to Fort Meade…”
Drudge seemed to imply that his site was taken down in connection with punishment leveled against Russia for election-related hacking. The first attack on his website came hours after President Barack Obama announced the US would impose sanctions against Moscow, and the Drudge Report had previously been identified in a discredited Washington Post story as responsible for spreading Russian propaganda.
“Maybe they think this is a proportional counterattack to Russia,” tweeted Sharyl Attkisson, a former CBS News investigative journalist. “After all they have decided @Drudge is Russian fake news, right?”
Neither the White House nor the Office of the Director of National Intelligence responded to requests for comment. But cybersecurity experts who spoke with Business Insider discounted Drudge’s claim on grounds that the government attacking a US journalist’s website would be a blatant violation of the Constitution — as well as generally improbable.
“If [Vladimir] Putin wanted to take down a website, I’m sure he could order it,” said Jared DeMott, a former security engineer for the National Security Agency who is now the chief technology officer of Binary Defense Systems. “If Obama wanted to do something like that, he’d have to go to different people. It would be a hard conversation to have.”
“Maybe if there was a military reason to have it,” DeMott added. “But domestically, there is no way.”
DeMott, however, posited that another nation-state could be the potential culprit.
“It definitely could be a nation-state,” he said. “They do stuff like that on an ongoing basis, whether they are looking for intel or trying to destabilize a political region.”
Arora of the firm Vera agreed, saying that only a “small number of groups” in the world had the sophistication necessary to execute an attack to take out the Drudge Report for extended periods of time.
“I would say it would be a group or nation-state that has pretty sophisticated methods and means,” he said. “Given the fact it’s happened a number of times and is persistent for well over a few minutes, and it’s coming from multiple sources, against a site that would have a lot of protection, it would indicate it’s someone pretty sophisticated.”
Chris Weber, the cofounder of the firm Casaba Security, agreed that because the Drudge Report was “getting so much traffic already,” a DDoS attack would need to be on a far “greater magnitude” to be effective against it.
“It does seem unlikely that the Drudge Report would be easily taken down or slowed significantly by a standard DDoS attack,” he said. He surmised that the attack that took down the website was perhaps more on the scale of the massive cyberattack that temporarily knocked out Dyn, a large DNS company, in October. WikiLeaks said its supporters were behind that attack as a show of support for the group’s founder, Julian Assange.
Outside nation-states, it is equally probable that the Drudge Report has come under fire from a “hacktivist” organization, perhaps unhappy with the political views espoused by the site’s founder.
Drudge has always been a controversial conservative figure, but in 2016 he went all-in for President-elect Donald Trump, often igniting controversy with inflammatory headlines emblazoned on his website.
But hacktivist organizations almost always take credit after a successful attack has been executed, experts said. So far, no one has claimed credit for the attacks on the Drudge Report.
And, without a group taking credit, it may be impossible to determine the culprit.
“Attribution has always been hard in cyber,” DeMott said. “The science is just quite not mature.”
Arora said any information Drudge “can provide in terms of motives” to a cybersecurity team would be helpful in identifying the responsible party.
“There’s a lot of people that don’t like Matt Drudge,” he said. “He likes to push people’s buttons. Anyone who he specifically has knowledge of, who would be out to get him.”
Arora added: “It’s not just a technology question, it’s also a motive question.”
8 January 2017