Malaysia Today Under DDoS Attack

Here's an explanation of the DDoS attack on Malaysia Today website:

Further complicating the trace of attacks is the use of free proxy servers, on random basis, by the attackers. This is an irony, as we have been advising our users to use such proxy servers to overcome any potential content filtering by the government.

All the malicious activities and behaviours bear the hallmark of professional, for-hire hackers. These are certainly no amateurs, judging from the persistence and frequency of the attacks, with the main objective of making the content of Malaysia Today inaccessible to the public.

The gist of it is that Malaysia Today was DDoSed. However, I found the quotes above speculative and sensational by nature. Performing a DoS does not require any specialized skills, neither that you have to be a professional hacker to do so. The only thing that you need is lots and lots of zombies, and that's about it. You can even DoS a HTTP server by making partial requests, as described here. This uses very little resources.

This problem however, is easy to mitigate. Why not host the server on blogspot? On a smaller scale, mod_evasive would be useful to block and limit connections. It can also be used to detect the attacking IPs, which can then be fed to firewall and router exclusion list.

Now, for those who are interested in conspiracy theories, speculative and sensational news - the question would be "is the Malaysian government behind the attacks?"

Before answering this question, is it worth asking whether the Malaysian government have the capability to launch DDoS attack.

Short answer: Yes.
Will they do it? No.

Based on the information by LKS, the DoS attack seems to come from free proxy servers on a random basis. If the government utilizes external proxy servers, their originating IP addresses can easily be detected by the third party ISP (remember, the government's network infrastructure is managed by GITN). This will definitely expose the Malaysian government.

LKS also didn't mention the source of the IPs (heck, these can easily be detected) - and we don't know why (probably wanting to make the issue more sensational?). If the IPs come from government networks, it will definitely expose whatever the government is doing.

And finally, if it is really the Malaysian government's doing, then it shows that the government is really desperate to cover up the leaked PKFZ documents. They have failed to block Malaysia Today over the past few years, so the next 'logical' step is to DoS it, no?

Now, if you must ask, who in the government is doing the DDoS attack, if they really do it? Short answer: None. The government has no skilled hackers to perform DoS, let alone to differentiate between Windows Vista and Windows 7. They can't even use the Linux shell environment properly. I've trained some of them (people from MINDEF, and various govt agencies) and, no, they ain't got the skills. The hired hackers then, are friendly government contractors, and those that are directly hired (yup, a certain agency did try to hire "hackers").

Anyways, the real answer to the obviously speculative and sensational question is to investigate the matter further.