The lawyers letter is on its way!!!!!!!!!
http://blogs.straitstimes.com/2009/11/6/attack-on-temasek-review-site-not-sph
Geoffrey Pereira
Attack on Temasek Review: Not SPH
November 06, 2009 Friday, 11:40 AM
Geoffrey Pereira explains an accusation based on IP address is mistaken; there was no malicious activity SPH's part.
A COUPLE of days ago, a blog that focuses on Singapore politics carried a posting which accused Singapore Press Holdings of trying to cripple its web server.
Temasek Review (TR) posted its article, "SPH IP address caught 'grabbing' Temasek Review server" on Nov 2.
It started by defining a Distributed Denial of Service (DDOS) attack - essentially as when a server is bombarded with requests so as to overload and cripple it.
It then went on to say that its monitoring had shown that during a recent period, there was a flurry of network requests coming from an SPH IP address.
Put this together and it is no less than an accusation that SPH had launched an Internet attack on TR. Many of its own readers, too, saw it as such, though TR tried to deny it in the discussion that followed on the site.
The article ended by fishing out the Computer Misuse Act and warning SPH to not continue its "intrusions" to undermine its site. Or else, it said, it would escalate the matter.
You can read the article in full, here (and if SPH is not being accused of a DOS attack, why associate it with this URL title?):
http://www.temasekreview.com/2009/11/02/sph-and-recent-ddos-attack-on-temasek-review/
Well, the truth is no warning was needed; but perhaps a little more understanding of the Internet by TR.
For, as at least one TR reader pointed out in the discussion the followed on the site, IP addresses by themselves do not prove anything. In fact IP spoofing is a common tactic used in a DOS attack and with information available readily (http://en.wikipedia.org/wiki/IP_address_spoofing) TR should have known that SPH is as easy prey as anyone.
In any case, given the serious allegation made, SPH made checks with its Network Intrusion Protection Services (NIPS) vendor, a reputable multi-national company. We wanted to find out if anyone within the organisation did, indeed, have a go at TR.
Our NIPS vendor found that there was no unusually heavy access to TR during the period of the alleged attack on its site. SPH logs also determined that no one from the company tried to access material from 2008, as claimed by TR.
TR changed the time of the alleged attack (we have print-outs too!! ) some time after the article was first published; but I won't jump up and down the way some bloggers do when an SPH website changes a headline. I'll just put it down to corrections made by TR to improve accuracy.
Nevertheless, data made available to me covered a 3-day period starting before and ending after the alleged attack. It showed that about 25 SPH employees – including yours truly, a regular reader – visited TR; but we did not create the kind of flurry of Net activity that would slow a server down, much less precipitate a DOS.
In fact, from midnight on Nov 1 to about 6 am, (covering a period of the alleged attack) no one from SPH accessed the TR site.
Our NIPS vendor's technical staff member, who checked 7 days worth of data and found no DOS activity originating from SPH concluded: "My opinion of the situation is Temasek Review released the article with very little research into what happened on its server."
It is an expert opinion; but if opinions don't count, here are the facts: Contrary to TRs allegations, neither did anyone in SPH try to "grab" TR material in a way that would load its server; nor did any SPH staffer launch any attack on the server.
http://blogs.straitstimes.com/2009/11/6/attack-on-temasek-review-site-not-sph
Geoffrey Pereira
Attack on Temasek Review: Not SPH
November 06, 2009 Friday, 11:40 AM
Geoffrey Pereira explains an accusation based on IP address is mistaken; there was no malicious activity SPH's part.
A COUPLE of days ago, a blog that focuses on Singapore politics carried a posting which accused Singapore Press Holdings of trying to cripple its web server.
Temasek Review (TR) posted its article, "SPH IP address caught 'grabbing' Temasek Review server" on Nov 2.
It started by defining a Distributed Denial of Service (DDOS) attack - essentially as when a server is bombarded with requests so as to overload and cripple it.
It then went on to say that its monitoring had shown that during a recent period, there was a flurry of network requests coming from an SPH IP address.
Put this together and it is no less than an accusation that SPH had launched an Internet attack on TR. Many of its own readers, too, saw it as such, though TR tried to deny it in the discussion that followed on the site.
The article ended by fishing out the Computer Misuse Act and warning SPH to not continue its "intrusions" to undermine its site. Or else, it said, it would escalate the matter.
You can read the article in full, here (and if SPH is not being accused of a DOS attack, why associate it with this URL title?):
http://www.temasekreview.com/2009/11/02/sph-and-recent-ddos-attack-on-temasek-review/
Well, the truth is no warning was needed; but perhaps a little more understanding of the Internet by TR.
For, as at least one TR reader pointed out in the discussion the followed on the site, IP addresses by themselves do not prove anything. In fact IP spoofing is a common tactic used in a DOS attack and with information available readily (http://en.wikipedia.org/wiki/IP_address_spoofing) TR should have known that SPH is as easy prey as anyone.
In any case, given the serious allegation made, SPH made checks with its Network Intrusion Protection Services (NIPS) vendor, a reputable multi-national company. We wanted to find out if anyone within the organisation did, indeed, have a go at TR.
Our NIPS vendor found that there was no unusually heavy access to TR during the period of the alleged attack on its site. SPH logs also determined that no one from the company tried to access material from 2008, as claimed by TR.
TR changed the time of the alleged attack (we have print-outs too!! ) some time after the article was first published; but I won't jump up and down the way some bloggers do when an SPH website changes a headline. I'll just put it down to corrections made by TR to improve accuracy.
Nevertheless, data made available to me covered a 3-day period starting before and ending after the alleged attack. It showed that about 25 SPH employees – including yours truly, a regular reader – visited TR; but we did not create the kind of flurry of Net activity that would slow a server down, much less precipitate a DOS.
In fact, from midnight on Nov 1 to about 6 am, (covering a period of the alleged attack) no one from SPH accessed the TR site.
Our NIPS vendor's technical staff member, who checked 7 days worth of data and found no DOS activity originating from SPH concluded: "My opinion of the situation is Temasek Review released the article with very little research into what happened on its server."
It is an expert opinion; but if opinions don't count, here are the facts: Contrary to TRs allegations, neither did anyone in SPH try to "grab" TR material in a way that would load its server; nor did any SPH staffer launch any attack on the server.
