
TS-Si is dedicated to the acceptance, medical treatment, and legal protection of individuals correcting the misalignment of their brains and their anatomical sex, while supporting their transition into society as hormonally reconstituted and surgically corrected citizens.
TS-Si supports open access to publicly funded research.

Site Update: Denial of Service
Opinion - Looking Glass
Sharon Gaughan   
Wednesday, 09 September 2009 20:00


Fairfax, VA, USA. TS-Si.org sustained and defeated a Distributed Denial-of-Service (DDoS) attack designed to prevent access by our users and disable certain site features.

The confirmed attack destination was the article entitled Classic Transsexual and its associated comments.

TS-Si does not tolerate interference in its operations. The external sources have been blocked and repair efforts completed. We are in the process necessary to impose punitive remedies on the perpetrators.

This column provides a description of the attack and its aftermath. Unfortunately, what should be a straightforward technical situation of interest to law enforcement became politicized. Fueled by an unsavory cultural conflict, the aftermath mentioned below demonstrates an overall deterioration in civil dialogue and plain common sense.

Background

This situation has plenty of precedents. Following our phase change in 2004 from a private list to a web site, the predecessor domain to TS-Si.org published its first test article in May of that year. We have grown substantially since that time, combining original texts, reprints, and collaborative pieces to serve our readership.

We set up the site fully aware of the need for security, given the subject matter and focus on people born transsexual. We weathered all sorts of physical attacks on the site, mainly from sources that identified themselves as transgender-oriented who disagreed with our position on the subject, or from pornographers interested in "teaching us a lesson" of some sort.

There are all kinds of motivations behind such behavior. Industry-wide analyses have shown that once financial and partisan political actions are subtracted from the mix, what is left has a lot to do with very dark psychological states. The targets of attacks aren't even very important to the act. Perpetrators attack most sites, including TS-Si.org, because they enjoy it. They are bullies, plain and simple.

In our case, the presence of "transsexual" is a convenient but phony rationale — an excuse. We have heard from colleagues at sites that deal with cancer, child abuse, fund raising for homeless war veterans, you name it — they too have been attacked over nothing more than the desire of a twisted someone, somewhere to inflict pain and "teach a lesson".

We deal with these things on a constant basis. Most often, the public is unaware of the struggle but there are times when one of them reaches the awareness of our users. This has been one of those cases. We are very sorry that our visitors were inconvenienced. We have taken steps to further elevate our defenses and prevent a recurrence (or, at least, minimize the impact).

The Launch Site

The source of the attack was a pornography site under management by a group known for spamming to achieve a larger customer base. They also launch hostile actions against sites, or certain individuals that appear on those sites, on the basis of what appears to be personal animus. I will not disclose the identity of the site to protect an ongoing investigation by law enforcement authorities (here in the US and abroad).

The effect of the attack on TS-Si.org was amplified by being distributed through another group of sites. A DDoS involves targeting the site from multiple external systems. The perpetrator in this case acted as a single source that turned subservient servers into zombies that did the actual accesses.

The zombies were from a collection of online poker sites, led by "twoplustwo", a "dot com" site with very high traffic and a highly active forum. I have not included the full URL because of the known adware and malware threats.

The owner of the domain is a company in Henderson (Nevada, USA), within the Las Vegas metropolitan area. It is administered from a location in Pittsburgh (PA, USA), with resources here and abroad.

A particular forum thread on that site, Things that have always bugged you, was the first to relay the access requests. It was wired to launch repetitive accesses to the TS-Si.org web page, which was then followed by requests from other threads and allied sites. The individual implicated in this effort has been identified and cited for his actions.

Attack Sequence

On 5 September 2009, TS-Si.org was subjected to a Distributed Denial-of-Service (DDoS) attack in an attempt to make the site unavailable to its users.

A DoS attack is a blunt instrument: it launches repetitive requests to access a web site's resources in an attempt to render the resource unavailable to its intended users. Certain high-profile cases that make the news are those intended to cripple financial or social networking sites.

This method of attack can also be used to attack personal web sites or groups that fit the perpetrators' notions of an undesirable presence on the web.

While the overall target was TS-Si.org, the specific destination was an article entitled Classic Transsexual and the accompanying comments. Ordinarily, the attack would have no more impact on that page than any other on the site, since a DoS attack primarily affects the server and overall site access, regardless of the specific page.

However, this attack pointed at a specific page address, which meant there were numerous page loads and (browser) renders that often conflicted with each other. We redirected resources to that point but it strained both the server software and the application that processes the comments.
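
A flood concentrated on one page address and relayed from another site, as described above, is visible in web server access logs. The following Python is an added example, not TS-Si's own tooling: it assumes the Apache/Nginx "combined" log format, uses constructed sample lines (the path, the `forum.example` referrer and the IP addresses are placeholders), and its thresholds are illustrative.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache/Nginx "combined" access-log format (assumed for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def sample_log():
    """Constructed sample: 90 hits on one page relayed from one referrer
    (30 client IPs), mixed with 10 ordinary requests."""
    flood = [
        f'203.0.113.{i % 30 + 1} - - [05/Sep/2009:09:00:{i % 60:02d} -0400] '
        f'"GET /articles/target-page HTTP/1.1" 200 5120 '
        f'"http://forum.example/thread/123" "Mozilla/5.0"'
        for i in range(90)
    ]
    normal = [
        f'198.51.100.{i + 1} - - [05/Sep/2009:09:01:{i:02d} -0400] '
        f'"GET /news/item-{i} HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        for i in range(10)
    ]
    return flood + normal

def find_hot_paths(lines, min_requests=20, share_threshold=0.5):
    """Flag paths that absorb an outsized share of all requests and report
    the dominant referrer host and the number of distinct client IPs."""
    hits, total = Counter(), 0
    referers, clients = defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        total += 1
        path = m["path"].split("?", 1)[0]  # ignore query strings
        hits[path] += 1
        referers[path][urlsplit(m["referer"]).netloc or "-"] += 1
        clients[path].add(m["ip"])
    findings = []
    for path, n in hits.most_common():
        if n < min_requests or n / total < share_threshold:
            continue
        ref_host, ref_n = referers[path].most_common(1)[0]
        findings.append({
            "path": path, "requests": n, "share": n / total,
            "top_referer": ref_host, "referer_share": ref_n / n,
            "distinct_clients": len(clients[path]),
        })
    return findings

if __name__ == "__main__":
    for finding in find_hot_paths(sample_log()):
        print(finding)
```

A high request share on one path, combined with a single dominant referrer and many distinct clients, separates this kind of relayed flood from ordinary popularity of an article.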

Our servers processed 72.35 million requests for service during the few hours that led up to my first bulletin on the comment thread that an attack was underway — at 2009-09-05 09:26:11 EDT(US).

Since such an attack can overload a server, the system configuration can lose its alignment as it actively resists the intrusion. A number of things went wrong but were handled on the fly as our protections activated to deflect the intrusion. The facility that handles visitor comments appended to articles was affected, which was particularly difficult because it is highly visible to our visitors (more on this, below).

We could have taken the site offline and restored a backup from an earlier time period, but that would stimulate even more charges of comment deletion and unfair treatment. Moreover, we would still have the problem of server/application misalignment. We decided to risk repairs on the fly. We have some very good people in our support network.

TS-Si Actions During The Event

Our system-level processes protected the site and kept it available to visitors, albeit with reduced performance and services. The visitor service most affected was our facility for posting user comments. The settings for system software and the application were misaligned. The comment threads were limited in size and extent (i.e., number of comments per article).

During our clean up period after the attack, we reduced the number of active allowable comments per article — any article — throughout the site to reduce server load and work on the misconfiguration issue. We did not want to inconvenience our users too much, so we selectively disabled some of the comments.

As I stated in one of my site updates posted to the Classic Transsexual column, we started with most of the comments by our principals, Sharon Gaughan and Lisa Thompson, joined later by some others. We only did what was necessary, but recognize that the discussion flow was seriously affected. The only alternative was to unpublish all of them.

In any event, and as promised at the time, all comments have been restored to their original state and position in the comment thread. No comment or personal information has been compromised in any way during this process. You can continue to comment anywhere on the site in complete confidence and we encourage you to do so.

Aftermath

I could stop the account of the attack right here except for the unsavory cultural conflict that erupted in its wake. We did choose to stay online and selectively unpublish some of the comments. Those actions were taken as evidence by Susan (SA-ET) of a deliberate attempt to embarrass Susan, as discussed in the post entitled Allies and a Recent Skirmish at the Enough Non-sense blog.

Some of the people who posted comments on Susan's post speculated on everything from TS-Si's conspiratorial intentions through recycled accusations of bad faith through our alleged transgender sympathies. After much consideration, I decided that a point-by-point refutation of these scurrilous charges would provide them with unjustifiable publicity. The original comments on Classic Transsexual have been restored. That will suffice for now.

I did leave several comments on Classic Transsexual that set forth my personal position on issues (and, where appropriate, those of TS-Si). One of my comments may be worth a second look, given the context of this column. The excerpt is below, nearly verbatim, with only minor editing for clarity:

(1) We did sustain a Distributed Denial of Service (DDoS) attack that took several hours to resolve. The server never did go down altogether, but took some damage.

(2) As I pointed out in an earlier comment near the end of the discussion, we took some damage to our server system configuration. One of the results was a destabilization of the commenting facility. We had to unpublish some of the comments. Not wanting to inconvenience our users, I unpublished most comments by Lisa Thompson, Sharon Gaughan, and another person who understands the need. We did this to stay within a ceiling we set on comment entries while we worked out a permanent solution.

The current limit is set for "50" comments per article. If necessary, I will unpublish some more comments while we work on the problem. Once resolved, we will readjust the ceiling to accommodate a much larger comment thread.

(3) We have not yet fully resolved the issue but expect a fix in the next few days. When that happens, we will restore all comments in the thread — as pledged in my updates on the problem.

(4) We practice transparency on this site, which is why I posted a series of updates to keep readers apprised of the situation.

(5) Since our founding, this site has been subjected to all manner of attacks from external sources in an attempt to disrupt or eliminate our operation. We seldom report publicly on such things, feeling it would be an unnecessary distraction. In this case, the DDoS effects were visible to our users and we felt it necessary to provide an explanation. We will do a wrap-up at a later date.

(6) The most recent stimulus for my comment here is an entry by Susan (SA-ET) that cites Lisa Thompson, discussing her and TS-Si. I have appended the passage for your review. [cf. Note]

Posted by Susan (SA-Et): She has since deleted the comment she made that led me to respond in that manner. She also deleted a second baiting comment. That’s the TS-Si way of controlling opinion…bait with an insulting, asinine comment, and then delete the baiting comment after one responds. Baiting someone on your blog with a comment and then deleting the baiting comment to make the person who addresses it look bad is pubescent child behaviour. I don’t participate in that kind of crap, and no doubt there will be no one who questions TS-Si about why she deleted her two baiting comments after I responded.

Once again, please note: Lisa Thompson did not delete any comments. I unpublished some of them to avoid further crashes of the commenting facility. As stated during the attack, we will republish them when I am satisfied the system issues are fully resolved.

Quod Erat Demonstrandum

Note: Susan (SA-ET) has published an addendum to the Enough Non-sense essay mentioned in the last section:

My attention has been called to THIS EDITORIAL. TS-Si contends their site was the subject of a Denial of Service attack which led to certain comments being temporarily “unpublished” in an effort to maintain TS-Si’s site integrity. This information was not available to me at the time I published the above.

Based on the circumstances, I choose to accept TS-Si’s explanation…and openly apologize to them for the insinuations made in my essay.

SA-ET


I will update this column, as appropriate, with additional information, as I did in the original comment thread.

Sharon Gaughan. Ms. Sharon Gaughan is a Co-Founder, Principal, and Managing Editor of TS-Si. She also is a columnist for the TS-Si website. Sharon's signed articles contain her own opinions and do not necessarily convey an official position of TS-Si, its partners, or affiliates.

Sharon welcomes your comments. You can reach her via the public form below, her TS-Si Contact Page, or on Facebook (Sharon Sinead Gaughan).

TS-Si News Service. The TS-Si News Service is a collaborative effort by TS-Si.org editors, contributors, and corresponding institutions. Sources can include the cited individuals and organizations, as well as TS-Si.org staff contributions. Articles and news reports do not necessarily convey official positions of TS-Si, its partners, or affiliates. We welcome your comments. Use the form below to leave a public comment or send private correspondence via the TS-Si Contact Page. We will not divulge any personal details or place you on a mailing list without your permission.




Last Updated on Wednesday, 12 January 2011 11:48
 

Comments   

 
# dianakat 2009-09-09 12:41
You did a wonderful job dealing with the attack. I barely would have noticed the issue. Sites are slow or down all the time. Yours did better under attack than some do in the normal course.

It is unfortunate that you were criticized for taking modest temporary actions affecting the comment page to keep the discussion going. But, then, no good deed goes unpunished!

Next time, feel free to delete my comments. You will only save me embarrassment! ;-)
 
 
# Kelly 2009-09-09 13:15
Dear Sharon and Lisa,

Thank you for this update and for your honesty and trust in disclosing the entire DDoS event. And thank you, too, for making good on your earlier promises, and for maintaining the integrity of TS-Si in the process. It's always discomfiting to hear about the failings of some people that lead them to perpetrate hate crimes - and let's call this attack on TS-Si what it truly was...a hate crime - but it's good to hear that they were largely unsuccessful.

I'm sure everyone who visits this site and benefits from it, regardless of how much or how little, are in agreement: we're sorry it happened, but we're happy you survived! While there will always be personal differences among your readers and commenters, the one common denominator we all share is that your website provides a forum for everyone, with relevant news and science articles, educational enrichment, support, and topics for debate all freely offered within a framework of acceptance and tolerance rarely found in such abundance elsewhere.

Bless you all for enduring, for your silent fight, and for your candid disclosure. Kudos!
 
 
# Thank you, Diana - Sharon S. Gaughan 2009-09-09 13:19
It has been a difficult period, but we are now stronger at the broken places. You said
Quote:
Next time, feel free to delete my comments.
Um, actually, I did. As described in the column, it became necessary. At first, I restricted the unpublication actions to Lisa, me, and you (in turn). It was only near the end of the process that we did another person. After that, in tandem with code and configuration fixes, we rapidly returned to service.

In the by the way department, consider this. This morning, Mark - an associate - put up some dummy test messages to test the fixes. I received over 70 emails from people who had subscribed to the comment feed, wondering if we were making progress and offering their support.

I love our visitors. Well, most of them anyway.
 
 
# Thank you, Kelly - Sharon S. Gaughan 2009-09-09 13:34
We are more determined than ever to keep on keeping on. Wow, does that phrasing ever date me! Now if only I can find where I left my barrette under all of this rubble.
 
 
# Pamela Dunn 2009-09-09 14:04
I'm glad you had the blocks in place and were able to remain "on-line" throughout the attack. Congratulations.

If you ever need another volunteer for comment removal, don't hesitate, I'll just mumble to myself (a lifetime habit my Mother used to tell me*) but I promise no bad words.

Pamela

*She said when I was quite small and told to do something, I would mumble something under my breath, but do what I was told; took her a while to finally catch me mumbling "I Don't HAVE To"; she thought a swat on the butt cured me, nope I just quit saying it out loud;-) .
 
 
# Thank you, mumbles (er, Pamela) - Sharon S. Gaughan 2009-09-09 20:44
We are in this for the long haul and must expect an occasional attack on our convoy. The attack wasn't about us, but a manifestation of predatory delusions in the shark pack. You said:
Quote:
If you ever need another volunteer for comment removal, don't hesitate, I'll just mumble to myself (a life time habit my Mother use to tell me*) but I promise no bad words.
I will keep that in mind while we work to ensure we withstand further attacks without inconvenience to our users. Of course, what I say here does not necessarily communicate everything that is on my mind.
 
