Lawfare editor on persistent DDoS attack: ‘We wish they’d knock it off’

The DDoS attack is a reminder of the prevalence of this blunt attack method and of a growing security market for defenses against it.

Influential national security blog Lawfare has been the target of a distributed denial-of-service attack since Wednesday, with attackers amplifying their efforts as security measures are used to stop the traffic barrage.

The DDoS attack knocked the site offline intermittently for a few hours on Wednesday, Executive Editor Susan Hennessey estimated, but the malicious traffic stubbornly persisted through Thursday.

The attack “increased substantially in response to preliminary defense measures,” Hennessey told CyberScoop in an email Thursday. The website appears to have stabilized, she said, despite the continuous pinging of Lawfare’s site.

“Previous attacks have taken us offline for longer periods, but we now have more sophisticated defenses in place so size doesn’t necessarily correlate to impact,” said Hennessey, a former attorney in the National Security Agency’s Office of General Counsel.


“While large, the attack hasn’t been especially sophisticated in morphing, so our current measures of just blocking the traffic seem to be working,” she added later on Thursday.

Hennessey said Lawfare, which publishes articles on national security law, uses a DDoS mitigation tool from San Francisco-based security company Cloudflare. Data from Cloudflare indicate that the primary attack originated in Seychelles and a secondary attack originated in Romania, according to Hennessey. As she pointed out, that does not mean the culprits are physically located in those countries; location-spoofing and hijacking computers in disparate locations are often tactics employed by those who launch DDoS attacks.

“While we have insight into the technical attack, we don’t know who is responsible or what their motivation might be,” Hennessey said, adding: “We wish they’d knock it off.”

While defenses have matured, DDoS attacks are still a cheap and popular tool of cyber criminals. The emergence in recent years of DDoS-for-hire services selling access to botnets has only accentuated this trend.


Andrew Shoemaker, founder of the testing company NimbusDDOS, said his customers “have reported an uptick in DDoS attacks in the last six months across a wide swath of industries.”

Shoemaker told CyberScoop that it is difficult to pin down the cause of that uptick, but offered one possible explanation. “It may simply be that a new tool exists in the black-hat community that is making it easier to form botnets and launch attacks,” he said.


Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
