Think of all the recent DDoS attacks. They all seem to share a common trait: bad guys disrupting the normal flow of data to a legitimate business. Sometimes, these attacks are used for revenge, and other times, they are used for ransom. Sometimes, however, the bad guys become the targets. This is the story of an odd caper that played out on the dark web in September.

In this two-part series, I explore a recent attack that was carried out on the Tor network. In part one, I describe the event and what little information may be gathered from publicly available sources. In part two, I discuss what I deduced from the information, including how the attacks may have been carried out along with possible culprits.

Who doesn’t love a good mystery?

On September 14, 11 parallel DDoS attacks targeted the largest darknet drug markets, effectively taking an entire industry offline. This event poses a number of interesting questions about both the underlying technology and the motivation and identity of the attacker. As of this writing, the story is still unfolding. As a cybersecurity researcher, I found some fascinating and curious characteristics in this event that are worthy of exploration.

First, let’s dispense with the ethical problem of such an exploration. All law-abiding citizens benefit from the eradication of illegal drug markets. Our job as cyber sleuths is to unravel some of the possible vulnerabilities that allow any enterprise to be taken offline. Such vulnerabilities, regardless of the target, threaten the entire e-commerce industry. In order to not promote any of these illegal enterprises (some of which are back online), I will not mention any of the illegal sites by name.

The first hint of trouble came from some online posts by a site administrator. One message posted to