Tuesday, October 28, 2014

A Paper-based Distributed Denial of Service Attack

In yesterday's post we alluded to "technical difficulties" that have kept us from posting regularly to this forum.  In fact, we hadn't been able to post here since August 22, 2014, and before that May 16, 2014.  This was not, unfortunately, by design.

In early May of this year our local GNU Public Dictatorship offices around the world began to report an elevated level of submissions via paper mail, and asked for some extra assistance getting through the correspondence.  Consistent with the GPD's operating guidelines, we began to distribute our staff around the world and asked them to help with the massive influx of paper mail.  This approach appeared to work quite well initially, and our posts continued as normal, but as the volume increased at local offices our staff became more and more spread out, and, unfortunately, the communication lines we normally use to keep this sort of attack from being effective were strained so much by the influx of paper mail that they began to break down.  During the weekend of May 16, 2014, these communications were completely cut off, but we didn't learn of the lapse in communications for another four days.  At that point, we switched gears into incident cleanup mode, but due to the volume of mail and the unfortunate distribution of our staff it took several months to get the lines of communication back up.

We believed we had stabilized the situation and we were able to post on August 22, 2014, but it soon became clear that another wave of attacks was just beginning.  This time we were much more prepared, but due to the nature of the communication we receive it became apparent that we couldn't just recycle all of the correspondence we had received.  It has taken the last two months to clean up the piles of paper mail we received and to simultaneously implement some controls to prevent this situation from occurring again.  At this point we believe we have the protocols in place to not be taken by surprise again.

We have learned several lessons from this attack, but the outstanding questions we are trying to adequately answer are:

  1. Why would someone launch this attack at such great expense to themselves, given that postage for billions of letters starts to get expensive?
  2. How many people were involved?
  3. Were the people involved part of a botnet?
  4. Were the people involved actually robots?

We do know that the attack was a well-coordinated distributed denial-of-service attack, the likes of which are unprecedented in the world of paper mail. We will provide more detail as we get it!
