Buckeye Firearms Association DoS Attack for Zimmerman Post

BFA is under attack from an unknown outside entity. The website is down and communications systems are non-functional. They’ve issued this press release:

Here’s what we know so far . . .

If you’ve tried to visit our website today, you know it’s not there any more. At some time this morning, it came under attack from an outside source. FACTS:

Our IT guy says it’s a “denial of service” or DoS attack. This is not the ordinary “hack” attack that we’ve experienced many times in the past. A DoS attack involves using significant resources to bombard a server to temporarily or permanently disrupt service.

This attack took out our websites, both Buckeye Firearms Association and Buckeye Firearms Foundation.

Our email communication services also went down. Leaders are located all over the state of Ohio, so we’ve had to set up a temporary alternate email list to stay in touch as we work through this issue.

This attack was so overwhelming, it took down the entire company that hosts our website. Thousands of IP addresses have been caught up in the digital bloodshed.

Shortly after all the company servers went down, their power went down. And our IT guy says his cell phone service vanished.

We don’t yet know where this attack came from, but we find it hard to believe that it is a coincidence that it’s happening at the very moment a story went national about raising funds to enable George Zimmerman to purchase a new firearm after Eric Holder and the DOJ decided to prevent him from getting his personal property back. We’ve received threats, hate male, and angry late night phone calls. We’re sending you this message to let you know what’s going on just in case they take out more of our resources and we are unable to communicate with you.

REST ASSURED: We are working on getting our website back up. And the work goes on to push pro-gun legislation, meet with law makers, and defend the Second Amendment. We may communicate online, but our strength has always been in our vast grassroots and our personal relationships with your representatives in government. The check to Zimmerman is being sent to him as you read this. We collected $25,000 from our recent gun raffle. Our events and teacher training classes are moving forward. We CANNOT be stopped by technological temper tantrums like this.

We’re posting updates on our Facebook page as we know more. You can visit it here: https://www.facebook.com/pages/Buckeye-Firearms-Association/343253480089DeanMarketing & Communications Director

 

avatar

About Robert Farago

Robert Farago is the Publisher of The Truth About Guns (TTAG). He started the site to explore the ethics, morality, business, politics, culture, technology, practice, strategy, dangers and fun of guns.

93 Responses to Buckeye Firearms Association DoS Attack for Zimmerman Post

  1. avatarMarcus Aurelius says:

    “Digital bloodshed?” C’mon guys, We don’t need silly over-blown rhetoric like this.

    • avatarWilliam Burke says:

      It’s called a “metaphor”, and it’s a perfectly legitimate one. That’s this company’s life blood, lying digitally broken and bleeding, on the digital floor. See, that there last was another one of them metaphors.

      They are unable to do business. That’s “digital bloodshed”. Maybe you should take a creative writing class at the community college in order to understand.

      • avatarSnJohnson says:

        I thought “hate male” was pretty creative and funny. And unless they’re skilled in precision rifle, I find the death threats against gun rights organizations to be laughable.

      • You’re right William, ‘Digital Bloodshed’ is apt! We’ve likened these attacks previously to ‘cyber terrorism’. The financial losses felt by businesses both during and after these attacks is untold.

    • avatarRedirectYourIre says:

      You realize that the phrase you take issue with WASN’T WRITTEN BY TTAG, right?

      At the very least, complain to the correct author(s).

    • avatarRalph says:

      We don’t need

      Who is “we?”

  2. avatartangledthorns says:

    They may be able to get DDOS protection from their ISP but that costs money.

    • avatarDaniel Silverman says:

      It is two lines in a control list, that should be there anyways.
      Just dump all malformed packets right away. Problem solved..
      That should be done on the ACL on the edge router. Any self respecting hosting service will have done this already.
      DDOS is script kitty bull crap. Now power going out and cell service cut, hmmmm…
      Do I need my Tin Foil Hat????

      • avatarRalph says:

        Daniel, I wish I knew what you were talking about, but you lost me right after “It is.” :-(

        • avatarpwrserge says:

          Basically, there are very easy to spot indicators that allow you to identify and spot most DDOS attacks. It’s a technique that has fallen out of favor with “professionals” lately because countermeasures exist and have been generally implemented. It can still be pulled off, but requires massive resources that most “professionals” can use far more effectively. A “script kitty” (I generally use “script kiddie”, but both are correct) is a “hacker” who has only a rudimentary knowledge of real network intrusion techniques and relies overly on canned attack software that they did not write themselves and often do not fully understand.

        • avatarDaniel Silverman says:

          pwrserge I agree. If it were a really bad attack you would never know they were even there until it was all over..

      • avatarit guy says:

        access control lists wont block legitimate server requests, which is what most current denial of service attacks on websites use, not “malformed packets”. it may be “script kitty bull crap” as you call it, but it works and thats all that matters. BFA is staffed by volunteers and funded by donations. If you’d like to help them secure their site, feel free to contribute time or money.

        • avatarpwrserge says:

          Except that to launch that sort of attack requires far more resources than a typical group would have access to. You would need to prep the ground work for days if no weeks or use resources you already have in place.

        • avatarDaniel Silverman says:

          Been battling Anon myself.. no time really…
          If they use a botnet then they can use a normal packet, lets say port 80, etc. That makes sense but you need a large number to in fact hold open the connections.
          Anon hit us once, and they used a botnet. they hit us on 80, 443, and 25 TCP, with malformed large packets. Besides the fact they were pushing the bandwidth, the malformed packets held open the connection so it took far less to bring us down.
          They should be able to throttle the number of requests from a single source as well. It isn’t hard with the right hardware.
          I am by no means harping on them it guy. Most folks don’t ever think about it until something like this happens. We were down for almost a day when we got hit so believe me I feel the pain.
          Easiest thing for the IT guy to do is just reset everything if he has direct control of the servers. Any edge routers need to have at minimum their network services restarted, although with a power outage, I am sure folks at the data center are running around like crazy people.
          Also one other thing the BFA might want to consider is use a separate hosting service for their website, and any internal items like email etc are completely separate. We split ours off following the attack. If they bring our main site down who cares so long as I can send email.

        • avatarJAS says:

          Power outage would not injure the servers – most have backup power. It is what it is. IT thinking this can’t happen to us and such. Like Daniel said, unless it is an extremely sophisticated DDOS most server software already has the means to counter them.

          The 600 pound gorilla question is: where did the requests originate. That should be proxies but those can be tracked too.

        • avatarJus Bill says:

          Anon (and pretty much any other entity) rents their botnets. Use once and walk away clean.

      • avatarThomas M. says:

        A real DDoS is much more complicated to block than two config lines on a border router.

    • avatarJason says:

      Should we hold a gun raffle to raise money for that?

  3. avatarWilliam Burke says:

    Every time you think you’ve seen the nastiest, most corrupt, most MORALLY BANKRUPT administration in U.S. history, you’re soon enough proved wrong.

    And come ON, we know that these attacks come from within the Obama administration, and, in all likelihood, from within the White House itself.

    And I don’t mean Michelle. Who’s got the “conspiracy theorist” and “tinfoil hat” accusations? Surely you brought them…

    • avatarJeff says:

      no, they are coming from liberal activist black-hat hacker groups like certain offshoots of anonymous.

      • avatarJT says:

        It takes a lot of resources to cut power and cell phone service.

        • avatarJeff says:

          I didn’t notice that part of the original story until later. Given that, DDoS attack seems pretty unlikely – more than likely is that their ISP’s redundancy for anything sucks, or they lost their comms circuits.

        • avatarJT says:

          Jeff, from what I have read, the power went out a short time AFTER the DDoS started and that the website was already down when they lost the power.

      • avatarJason says:

        Anonymous has shown a pretty strong pro-gun stance. Mainly because the recognize that a well armed populace is the greatest protection against tyranny.

    • avatarRedirectYourIre says:

      Tinfoil hat? You, sir, are either a master of satire and irony, or need a straight jacket. Everything comes back to the president, and it’s a great joke, or a cry for help and attention. You do realize that the death threats to Buckeye HELP the administrations gun control efforts, right? So, taking down the site doesn’t benefit Obama, or anyone with real power.

    • avatarjwm says:

      William, if 1 person calls you a tin foil hat nutter there’s room for argument. If everybody tells you that it may be time to take a time out and evaluate your life and choices.

      • avatarJoke & Dagger says:

        Everybody has got a freaking label with you. Is that a left-over from your prison days?

        • avatarjwm says:

          J&D, I was answering the mans question. Sounded to me like he was reaching out for help. Now quit stalking me you crazy a@s cracker!

      • avatarJPD says:

        jwm:

        I was not stalking you Bubba!! My comment was to William. How it ended up under yours, I have no idea.

        Now, if I wasss stalking you, hmmmm, do you wear a hoodie? Any skittles? Bad ass wannabe thug posts on your facebook? Hang out in my neighborhood?

      • avatarjwm says:

        JPD, reread my stalking comment. I was answering J&D. And yes, I do wear a hoodie. No skittles or facebook.

    • avatarJPD says:

      William:

      “nastiest, most corrupt, most MORALLY BANKRUPT administration in U.S. history”

      Sorry, a simple google search will show that when it comes to what you just wrote, Obama is a piker. Wannabe bad guy that cannot cut it. The list of corrupt Presidents, and the consequences is beyond belief. History is a great teacher. Too bad very few learn anything from it.

      You want to know the single act that gutted our Constitutional rights? One that rivals what took Hitler 8 years to accomplish against the rights of the German people?

      Sit down and REALLY read the Patriot Act. Then get back to me.

      • avatarCliff H says:

        Better yet, Google “Woodrow Wilson”, then get a copy of “Liberal Fascism”.

        BO Is trying very hard to surpass Woodie, but he is and underachiever, thank goodness.

      • avatarJason says:

        Lincoln.
        * Arrested journalists for writing editorials against the war: check.
        * Shut down opposition newspapers: check.
        * Deported a sitting Congressman for opposing a war: check.
        * Wrote (but never issued) an arrest warrant for the Chief Justice of the US Supreme Court: check.
        * Started a war to force anti-tariff states to pay the tariff: check.
        * Violated Christian just-war doctrine by specifically targeting civilians, burning homes, burning crops, and slaughtering livestock: check.

        If any politician talks about admiration for Lincoln (BushBama and Hitler come to mind), be very scared.

        • avatarBob says:

          Don’t they all worship Lincoln? And don’t you know that it’s blasphemy to criticize him?

        • avatarGtfoxy says:

          Got in this “Conversation” about Lincoln the other day when someone said “He was one of the greatest presidents. ” of-course I laughed out loud. And reminded them that “those that win the wars get to write the history books how they see fit to hide the lies of their civil wars.”

          Slavery wasn’t the issue. I don’t by any means condone or admonish what Booth did but I find it very interesting that he made sure that people knew his mind: “May no man Judge me, but only God judge me.” To that he had a good understanding.

          Lincoln was just another casualty of the war he started and proliferatied. Ironic Justice, perhaps?

        • avatarWilliam Burke says:

          There is still time. MORE THAN ENOUGH time, I am afraid. And if Obama goes for broke (after next month’s NSA documents that DWARF the ones so far) and goes the confo route, you will all be eating crow.

          No, I mean REALLY eating crow.

        • avatarjwm says:

          So. WB, in one month if we’re not eating crow will you go cold turkey from the conspiracy stuff? Or will you just invent another theory to explain the failure of the last one?

  4. avatarc4v3man says:

    They said the entire webhost went down… there’s always a chance they weren’t targeting the BFA at all, and are just a victim of an attack on someone else. Unless they look at the logs for their particular server and determine that the attack was specifically directed at their server/virtual server, being the victim of a DDOS attack is unfortunately growing more common nowadays.

    • avatarWilliam Burke says:

      Yeah, it must just be a coincidence that they were sending $25,000 to Zimmerman….

    • avatarJMS says:

      Yeah agreed. Saying “This attack was so overwhelming, it took down the entire company that hosts our website. Thousands of IP addresses have been caught up in the digital bloodshed.” makes it sound like it could have been the hosting company itself that was targeted, or any other one of the thousands of other clients. Maybe there’s more to it that they didn’t share…

      • avatarRopingdown says:

        If cybercrime is behind this, we can all feel a sense of peace knowing the DoJ will pursue the malefactor with the greatest urgency.

        “One nation, indivisible” unless you’ve got a copy of the manual.

  5. avataranon says:

    I wonder what os their servers are running? Also I really want a look at those logfiles (if apache) I mean it is not hard to figure out who is hitting you unless it is a botnet, but if that is the case time to do some hosts.deny

    • avatarWilliam Burke says:

      I’m pretty sure a DOS can be done from behind one or several firewalls.

    • avatarDaniel Silverman says:

      It can be hidden yes, but I am guessing a few things.
      1. They are 100% hosted. Meaning they do not have on premiss equipment. This also means that they don’t have DIA with with isolated fiber trunks to their cage, they are shared with others.
      2. While hitting up /var/log/ is always a start, I am assuming they are running apache on some form of Linux. Your best bet is look at the firewall logs. Really it doesn’t matter where it comes from, you need to protect yourself from such attacks. See previous comment on malformed packets.
      3. I am guessing their mail whether Squirrel or Exchange was on the same network, soooo one went down it all went down.
      4. Loosing power to a data center is rare. I don’t know what tier data center this is, but the fact the power died is unusual. Yes we need more information as to the how, etc.
      5. Cell service? I understand in the data center I work in cell service stinks, but that is normal. I don’t know where this person resides, but if it was malicious that is a bit frightening. NOTE: Always carry a burner phone with separate cell service.

      • avatarB says:

        They hacked the servers, then they hacked the smart meters for the data center…

      • avataranon says:

        Funny how we both assume they are running linux (go freedom XD) I don’t know how big of an operation they are but I wonder if it is possible to have a backup server located elsewhere, maybe just an old desktop with debian or ubuntu server and apache, so that if the provider gets dossed they just update the dns to point somewhere else.

        Personally I have not had too much server admin experience, but I know enough to get into trouble.

        hey My. Farago wanna start “the truth about servers”?

        • avatarWilliam Burke says:

          Get in line. There is only me ahead of you. Coming in the fall, THE TRUTH ABOUT CIGARS.

          If all goes well.

      • avatarJus Bill says:

        I’d bet their host’s servers were Windoze. Sounds like a sorta Mickey Mouse low-budget hosting service, so the odds of them having a competent admin who can do command line are slim.

  6. avatarJT says:

    The fact that the power went out tells me this is more than a normal DDOS.

    • avatarBlehtastic says:

      Seriously, that’s pretty funny. Guessing we’ll never catch who’s doing this or even really hear about it anywhere else since no boring emails from the elite were leaked.

  7. avatarThomasR says:

    It’s the Chicago way; if you haven’t already figured out that Obama and his Just-Us Department is at war with the foundations of our traditional American way of life, you haven’t been keeping up with current events.

    • avatarRedirectYourIre says:

      Yes, their resources are being directed toward local firearms associations, because DoS attacks win elections… durHur?

      It isn’t enough that Buckeye was taken down, somehow it has to be Obama…

      For Pete’s sake, he’s not doing a good job, and he’s screwing with the 2nd, but take off your shiny headwear and think. Cost/benefit doesn’t favor an administration taking down small websites, especially when the attack is only temporary. Now, if all the people there had died….

      • avatarJus Bill says:

        Small site, but big political return.

        And a good, deniable training run for CYBERCOM. Rent a botnet for a few hours from a throwaway Google account with a prepaid credit card, TELNET from there through a couple of servers on island nations on the other side of the world to start up the botnets and fire away, then act surprised and deny any knowledge if you’re accused and blame Anonymous or the Chinese. Script kiddie k-8 difficulty level…

      • avatarneiowa says:

        he’s not doing a good job Yeah I gues you could say that. Or “he’s not doing a good job” perhaps might be a bit of an understatement.

    • avatarWilliam Burke says:

      “Just-Us”. Excellent! Just us and the criminal banking cartel we work for.

  8. avatarRalph says:

    It wouldn’t surprise me in the least if the IRS is also up the BFA’s @ss.

  9. avatarDIrk Diggler says:

    hate male directed at them? Al sharpton is in ohio?

    • avatarWilliam Burke says:

      Wherever downtrodden people… BLACK people are. There is Al. Unless it’s Africa, his homeland. Whenever, whenever black people oppress or kill other black people, NO HARM.

  10. avatarTom in Oregon says:

    Agreed. It may not be BFA that is the target. Last year “anonymous” targeted godaddy. That effictively took out our email for a bit over 24 hours. We do about half our business via email. That hurt.
    Hopefully they will be back up soon, or they may want to find another host/server.

  11. avatarMatt in FL says:

    Have you noticed that while we think they are stupid and nonsensical, our side doesn’t generally do things to silence the opposition? That is virtually always the action of those trying to prevent the dissemination of truth. You don’t see us crashing Brady’s servers. You don’t see us crashing Feinstein’s website. In fact, the more they talk, the less believable their tripe becomes.

    • avatarjwm says:

      True, facism does not tolerate dissent or another view. They crush it. Something we do not do. Being the good guys can be tough at times.

    • avatarOld Ben turning in grave says:

      And that is one of the big advantages Progressives have over Americans in this ideological struggle. We must play by the rules or we risk undermining the very system we wish to preserve. Progs, on the other hand, only have a single, two part rule: If it furthers their agenda and they think they can get away with it, they do it.

    • avatarJason says:

      Why bother? In fact, we should help them get their message out. People aren’t stupid (just lazy enough to not actively research stuff). When they hear the big-government message (from progressives or neo-cons), they smell the bullsh!t. When they hear the American message (from minarchists and libertarians), they are responsive.

    • avatarBob says:

      Good ideas don’t require force to propagate.

  12. avatarthingi says:

    They’ll probably want something like Amazon Web Services.

  13. avatarAndy says:

    This is probably a take down by the Administration,they are the ones behind the stirring of the racial animosity that is going on now.I do not trust this government at all anymore,I had my doubts before Mr. Snowden but since he told us what is going on,I have lost all faith and from this day forward consider the Adminstration as tyranny within the nation that needs to be removed,that our Bill of Rights gives all citizens the Right to do!No matter that laws against doing this,passed after the Bill of Rights was enacted,I consider to be Unconstitutional,due to the citizens are the ones who have the last say about how this government should be run,and which direction we should go!Be prepared and ready.Keep your powder dry.

  14. avatarJus Bill says:

    Here’s where it gets ironic:
    They need to
    -Contact the media;
    -Report the attacks and outages to:
    US-CERT (DHS) for the DDoS;
    FBI and Secret Service (DOJ) for the phone outages;
    The local police for all of it, to provide the Feds with a local POC.
    THAT’s the drill. And they should report progress (or lack thereof) back to the media. Often.

  15. avatarensitue says:

    It’s just a Beta Run

  16. avataranon says:

    btw I have nothing to do with the group anonomous.

    maybe I should pick a new screen name hmm.

  17. avatarShire-man says:

    Oh noes the site is down!
    Give the children a couple of days and they’ll move on.
    For all the attention things like DDOS attacks and dumps of passwords (that are mostly encrypted anyway) get I dont think anything substantial has ever occurred due to these annoyances. Even the mighty US gov partnering with Mossad to unleash the nuclear Stuxnet didnt really accomplish anything.

    So far all of this “cyber” warfare and terrorism seems very half-assed and impotent.
    I’m not saying it cant be powerful and destructive. It simply doesnt seem to be at this point in time.

  18. avatarLee Duran says:

    Cloudflare, they should look into it. Robert, might not be a bad idea for you too!

  19. avatarmina says:

    I’m in IT and if an entire block of IPs have gone down, there is just as high a likelihood that 1. another site on his host’s network was the target 2. they lost a switch that took out a bank of servers 3. They lost part of their DNS database 4. all of the IPs in question share a host and the server went down

    … in essence, the possibilities are ENDLESS!

    Let’s not all start whining like a bunch of little girls so early in the game, K?

    • avatarWilliam Burke says:

      Who’s whining? Oh. I get it now. You meant “shut up”.

    • avatarJus Bill says:

      So am I, and I’ve been hit by the best. It smells like a pro job, especially with the phones going down.

      • avatarmina says:

        ok tin foil hat people. LOL

        power went out. cell phone service failed. the servers are down. we must be really important – professional hackers.

        yeah yeah.

        can’t wait to see the RCA a couple of days from now.

        • avatarRopingdown says:

          Mina, that you said “like a bunch of little girls” was special. They’re suppose to whine, its cultural. Gun guys aren’t.

        • avatarmina says:

          yeah, well if there wasn’t a lot of whining I’d not have noticed it, right?

        • avatarmina says:

          and, yes, the fact that little girls whine and gun guys aren’t supposed to was pretty much my point.

  20. avatarTom RKBA says:

    The site should be load balanced locally and have at least two clusters tied together with GSLB or similar. The servers won’t be dedicated to that one site, but the switches should have DDOS protection enabled at various levels. Not doing this in 2013 invites this sort of mischief.

  21. avatarmina says:

    so far, it looks like they bagged their old domain name and are redirecting everything to Buckeye Firearms Foundation. they have a place-holder web page up and running.

    my guess is their entire hosting service experienced some sort of snafu and they are in DR mode.

Leave a Reply

Please use your real name instead of you company name or keyword spam.