by Doctor Science
Livejournal has been hit by waves of Distributed Denial of Service (DDOS) attacks since March 24th. I've been following this story all along, because I have an account there, as do many of my e-friends. I haven't posted about it here because I didn't feel that I knew enough, but the story has now gotten on the radar of some major news organizations, and I at least know more than they do (New York Times, Time, Wired, Christian Science Monitor, Washington Post).
The Livejournal DDOS attacks are significant because LJ is the major blogging platform in Russia. One of the people whose blog has been sporadically out-of-service is Russian President Dmitry Medvedev, in fact.
I don't claim to be an expert on Russian politics, but I know a lot about LJ as a platform and a community. There's actually a reason LJ became very popular with (on the one hand) Russians and (on the other hand) fangirls: both groups had good reason to want a controllable degree of privacy and pseudonymity with their Internet communication.
We don't know exactly how many botnets took part in the latest attack but we definitely know of one botnet that was involved. It is based on the Optima/Darkness DDoS bot that is currently popular on the Russian-speaking cybercrime black market. Not only are the Trojan programs (bots) themselves on sale, but also infected computer networks that are built with the help of such programs and services offering to carry out DDoS attacks on any given Internet resource.I (and other Anglophone LJ users) noticed that LJ was only intermittently available on March 24th, but we didn't think anything of it -- these things happen from time to time.
We have been monitoring one of these Optima botnets for some time now.
Analysis of the data acquired showed that the first DDoS attack on LiveJournal occurred on 24 March. The botnet's owners gave the command to launch an attack on the blog address of the renowned anti-corruption figure Alexey Navalny: http://navalny.livejournal.com. On 26 March, the bots received commands to attack another resource belonging to Navalny: http://rospil.info, and on 1 April, http://www.rutoplivo.ru, another site with a political slant, was targeted.
Garnaeva posts a list of targets the Optima botnet was given, and says
It should be obvious to specialists in the Russian-speaking blogosphere that the list affects some of the most popular bloggers on LiveJournal who write about a wide variety of things. It is not known if this was an attempt to "blur" the real target of the attacks, which may have been clearly designated during the first DDoS attacks, or if the list of blogs that had fallen out of favor had become bigger.On March 30, the attacks basically took all of LJ down for the day, and it's been up and down ever since.
One site – kredo-m.ru – stands out from the rest on the list. It belongs to a company that makes furniture and wooden products. We can only suggest that the botnet owners are selling their DDoS attack services to anyone and this particular attack could have been ordered by business competitors. This sort of B2B attack is not uncommon.
The possibility of an attack on LiveJournal was predictable. In January 2010, when I was asked by Ivan Sigal, GV Executive Director, what were the most probable DDoS (Distributed Denial-of-Service) targets in Russia, I called LiveJournal the most endangered platform. Usage and seriousness of DDoS, the universal online weapon used both for commercial extortions and political assaults, are increasing every year. Russia, in this context, is famous not only for having a long history of suppressing dissent, but also for being a country with one of the widest and cheapest markets for DDoS services.How did this happen? Sidorenko blandly says that Being one of the oldest blogging platforms, LiveJournal had natural advantages over other platforms, but the truth is more complicated and IMHO more interesting.
Historically, many Russian Internet users became bloggers with the help of LiveJournal.
LiveJournal's popularity and outreached have increased ever since and resulted in the core of the Russian blog"sphere being "comprised mainly, though not exclusively, of blogs on the LiveJournal platform" (Berkman Center Research, 2010).
The high concentration of political bloggers made LiveJournal a strategic element in the infrastructure of Russian free expression and digital dissent. This fact means that any disfunctionality of the platform (intended by the Russian authorities or not) automatically resulted in political consequences in the Russian political landscape.
Livejournal was first put together in 1999 by Brad Fitzpatrick, a computer science student at the University of Washington who wanted a way for his friends to keep in touch online. synecdochoic had a long tenure doing site support for LJ, and says:
I remember -- back in the days when dinosaurs roamed the earth and Brad still owned LJ -- slowly noticing that LJ was becoming more and more prevalent in Russia and in the Russian political arena. We always thought it was slightly odd -- how did this site that had been originally designed for US college students turn into this juggernaut in Russia? -- but really incredibly awesome. Even when we'd started to get incredible numbers of support requests ... I was always conscious of the fact that on the other side of the world, the website I was helping to run was, essentially, the only free press of an entire country.While the Russians were gradually moving into LJ, a sizeable part of online media fandom was moving there too:
The word for "blog" in the Russian language is literally 'ЖЖ' -- the abbreviation for Живой Журнал, or LiveJournal. (Although the automatic translators tended to render it as 'Alive Magazine', which always amused me.)
When blogging software started to become more available in 1999, some fans started up blogs on services like Blogger or Livejournal. Blogs on Blogger and similar services offered total control and could be integrated into a fan's personal webpage, for one-stop shopping. Livejournal was restricted to its own site and to specific layouts, but offered something new: the friends list, a site-specific form of RSS feed, and icons, to personalize posts.Particularly important, IMHO, was that LJ offered easy ways to make blog-like posts that were only visible to other, specified LJ users. On LJ, not all conversations needed to be public.
Media fandom -- from Star Trek fandom forward -- has tended to tilt female. Online media fandom, especially the part that writes and reads fanfiction, has tended to have a large majority of women plus gender nonconformists of all sorts -- straight males are a minority. Women know we are more likely to be harrassed online; fanfiction writers have long tried to stay below the radar of corporate copyright holders and their attack-lawyers. I got an LJ in late 2002 basically because of peer pressure, but part of the pressure was wanting to read LJ posts that were "friends-locked", visible only to LJers chosen by the author.
I'm guessing that similar processes were involved on the Russian side of LJ. Bloggers wanted to be able to write without having to be completely "in public", but then the only way to read those bloggers was to get an LJ. If I'm right, what has concentrated Russian blogging on LJ isn't mere inertia or a crowd mentality, it's the perceived need for friends-locking.
This has gotten to about 1000 words, so I'm going to post before I go on to discuss what media fandom has learned from being on LJ, and what that might imply for the future of livejournal and Russian blogging.
 Livejournal = LJ = livejournal.com. I'm deliberately not linking directly to LJ in this post to reduce load on their servers.