Las Vegas Sun, sister websites recover from disruptive cyberattack

By Brian Nordli

Published Saturday, Nov. 24, 2012 | 11:52 a.m.

Updated Saturday, Nov. 24, 2012 | 9:53 p.m.

Four Greenspun Media Group websites -- lasvegassun.com, lasvegasweekly.com, vegasinc.com and vegasdeluxe.com -- were temporarily disabled or compromised for several hours Friday night into Saturday morning, the results of a cyberattack that effectively overwhelmed servers that maintain the online media sites.

Those who did gain access may have noticed that content hadn't been updated in some cases. Later, after those issues had been resolved, some users were involuntarily redirected from one site to another — for example, trying to access the Sun site and winding up at the Weekly site. This is the result of a cyberattack known as “Distributed Denial of Services,” or DDoS.

“The idea of a DDoS is to block service from happening,” San Francisco-based IT and Web operations freelancer Yaakov Nemoy said. “If somebody has a service running, like Amazon, it would block people from accessing it. In this case, it is preventing people from reaching the newspaper site.”

Such attacks overwhelm a website so it shuts down, but don't infect the sites with a virus.

Nemoy said that a DDoS attack usually involves a network of computers known as a “botnet,” controlled by an attacker and operated remotely, typically without the knowledge of their owners. The botnet, which can be made up of hundreds of thousands of computers worldwide, can be given instructions to send information to a targeted website server, swamping it with data and prohibiting other legitimate users from gaining access to it. Either for fun, malicious mischief or criminal intent such as for extortion, people can launch an attack simply with certain software and renting botnet time from their creators.

“It used to be that only tech savvy people could do it,” Nemoy said. “But the tech savvy people have decided to make (their services) a business model.”

For the target of the DDoS attack, the result could be not only a drop in traffic to that site but loss of revenue, said Nemoy, who has dealt with two large-scale DDoS attacks.

There have been reported DDoS attacks on banks, small businesses and larger sites such as PayPal. In the Sun’s case, the attack easily overwhelmed the CenturyLink servers that operate the Greenspun Media Group sites.

A CenturyLink spokesperson was unavailable to comment.

Jeremiah Gowdy, who works as a systems architect for FreedomVoice Systems, said DDoS attacks have become more common in recent years, with access to botnets more easily obtained through prepaid credit cards that prevent law enforcement from tracking the person paying for it. Investigations into the attacks are further stymied because the data flood is generated by computers that were taken over by remote operators, without the knowledge of the computer owners.

Defending against DDoS attacks can cost smaller businesses thousands of dollars, even though an attack may never occur.

“It’s so hard to associate the people involved in the attack to prosecute the people that need to be punished,” Gowdy said.

Greenspun Media Group, which operates the sites, is working to return site operations to normal. The attack will also be reported to legal authorities.

“We worked literally around the clock to solve the problems stemming from this attack, and we’ll keep working until service is completely back to normal,” said GMG Managing Editor Ric Anderson. “In the meantime, we thank our visitors for their patience.”