Popular blog publishing platform WordPress.com suffered the most serious distributed denial of service (DDoS) attack in its history yesterday. While it is so far unknown who launched the DDoS, the company says they believe it to have been “politically motivated.”
“There’s an ongoing DDoS attack that was large enough to impact all three of our datacenters in Chicago, San Antonio, and Dallas — it’s currently been neutralized but it’s possible it could flare up again later, which we’re taking proactive steps to implement,” WordPress founder Matt Mullenweg told TechCrunch. “This is the largest and most sustained attack we’ve seen in our 6 year history. We suspect it may have been politically motivated against one of our non-English blogs but we’re still investigating and have no definitive evidence yet.”
The attack caused temporary disruption to many of the approximately 30 million websites WordPress serves — sites like TechCrunch, CNN, CBS and yours truly, Digital Trends. WordPress-powered sites make up 10 percent of all websites in the entire world.
So who launched the attack, and why?
Sadly we don’t currently know. These days, DDoS has become nearly synonymous with hacktivist group Anonymous, which used this type of attack to take down a wide variety of websites, including the corporate sites of Visa and Master Card. But there’s so far no evidence to pin this particular attack on Anon — and none of their standard press releases that are usually published in conjunction with Anonymous campaigns of upheaval.
WordPress has a large number of “non-English blogs” on its network, so that only narrows things down slightly. And if you haven’t already noticed, there’s a lot of “politically motivated” disruption going on throughout the world right now, with varying degrees of social unrest sweeping through many countries in the Middle East and northern Africa, and spreading to countries in Asia. These political dissidents are increasingly using blogging and other self-publishing outlets to organize protests and get word of their struggles out to the rest of the world, so it’s possible that one of the contended governments orchestrated the attacks for their own purposes.
In fact, WordPress.com was not the only site to be targeted in a DDoS attack yesterday; the government of South Korea issued a cyber security alert stating that the websites of 29 government and other agencies had been affected by DDoS. Those sites included those of “the presidential Blue House, the US forces, the military Joint Chiefs of Staff, the ministries of foreign affairs, defense and unification, parliament and the tax office,” AFP reported.
It’s unclear whether the attack on WordPress.com and on those listed above are related. But if they are, it’s obvious this wasn’t just the work of someone upset with the latest WordPress CMS update.