Guns.com Down Due to Malicious Hack Attack

guns.com logo

As you may be aware, our friends at Guns.com have been down since last night. They issued this tweet about the situation . . .

Given the current climate, speculation was rampant that they had been the latest target of deplatforming. But we just spoke to Guns.com’s CEO Greg Minkler who tells TTAG that the outage is due to a malicious cyber attack on the site by a bad actor and is not due to a deplatforming by their hosting company or registrar.

Minkler told us the goal is to have the site back up and running by late this evening.

comments

  1. avatar NTexas says:

    WHOW SORRY HEAR THAT . THANKS FOR INFOR

    1. avatar TheUnspoken says:

      While it could just be the usual hacker hacking for the usual reasons, profit, fun, make a name, bored, nefarious motives, etc, I wouldn’t put it past so called “ethical” hackers trying to take down and silence those they disagree with. I imagine we will see some of both.

      1. avatar Hooda Thunkett says:

        Hacktivism, in other words. Yeah, most likely…

        1. avatar Montana Actual says:

          100% likely given the current situation.

    2. avatar JasonM says:

      There’s a key on the left of your keyboard that says something like “Caps Lock”, which might have a green LED on it. Press that key once.

      Thanks.

      1. avatar Southern Cross says:

        Net etiquette. Text in all CAPS is the equivalent of SHOUTING.

        1. avatar Carolus Rex says:

          I instinctively read capslock posts in the voice of Loud Howard from the old Dilbert animated series.

  2. avatar Daniel Silverman says:

    Given the current climate, let us be clear.
    Bad actors will work to disrupt or others temporarily de-platform websites or individual businesses they don’t like. The gun industry will be a large target. This would include TTAG.
    I fully suspect a new stream of TOS from ISP’s and hosting services to shut down and site, or service that goes against the lefts agenda. If you have an internet based business make sure you have backup sites, backup plans that your registrar and or hosting facility will shut you off on a whim. If you have a security team then it is critical you activate them to go over your services with a fine tooth comb.
    This is only the beginning.

    1. avatar Jack says:

      You don’t think the “Left” buys guns? If you do think that, you’re wrong.

  3. avatar Miner49er says:

    Over 1 million videos and 80 TB of messages, scraped off the Parler platform.

    DC US attorney says they are pursuing multiple felonies including sedition and conspiracy.

    https://arstechnica.com/information-technology/2021/01/parlers-amateur-coding-could-come-back-to-haunt-capitol-hill-rioters/?amp=1

    “The reason for urgency: Amazon, Apple, and Google all informed Parler that its lack of content moderation violated their terms of service. The archivists wanted to obtain the posts while the site remained online. But as it turned out, donk_enby was able to retrieve posts even after they had been deleted.

    Coding mess

    A key reason for her success: Parler’s site was a mess. Its public API used no authentication. When users deleted their posts, the site failed to remove the content and instead only added a delete flag to it. Oh, and each post carried a numerical ID that was incremented from the ID of the most recently published one.

    The rookie code made it easy to automate the scraping, as this script used by donk_enby’s archival team demonstrates. As a result, massive numbers of posts that discussed the insurrection before, during, and after it was carried out will be preserved indefinitely so that they’re available to researchers, journalists, prosecutors, and others.“

    1. avatar Ing says:

      Sir, this is a Wendy’s.

      1. avatar Miner49er says:

        Have it your way, it is what it is:

        18 U.S. Code § 2384 – Seditious conspiracy
        U.S. Code

        If two or more persons in any State or Territory, or in any place subject to the jurisdiction of the United States, conspire to overthrow, put down, or to destroy by force the Government of the United States, or to levy war against them, or to oppose by force the authority thereof, or by force to prevent, hinder, or delay the execution of any law of the United States, or by force to seize, take, or possess any property of the United States contrary to the authority thereof, they shall each be fined under this title or imprisoned not more than twenty years, or both.

        1. avatar Ing says:

          Your way, right away, right now…if you have the right politics.

          You’re still barking up the wrong tree.

      2. avatar strych9 says:

        Ing:

        Even the people at Wendy’s know this is a fucking joke.

        Wait until the “woke” mouth frothers find out about U.S. Code 18 Section 1029, U.S. Code 18 Section 2701 and U.S. Code 18 Section 3121.

        Then they’ll flip shit that it’s Ms. Donk who should be in trouble AND even if they find anything in what she stole they can’t use it in court unless they obtain it another way.

        1. avatar T-Bob says:

          Have you seen our courts lately? Their job is to determine which party has, or has not, adhered to the letter of the law. Instead we have kangaroo courts so blinded by partisanship and avarice that they literally cannot see the words on the page. The impartial judicial system is gone, the Republic is a sinking ship. Don’t be so naive as to believe being legally “in the right” means more than shit on your shoe now. Just ask Texas. Welcome to a Brave New World. Or is it 1984? They Live?

        2. avatar Miner49er says:

          I am so glad to see that the right wing is now concerned about illegal access of electronic documents and identity theft involved in illegally accessing these accounts.

          At last, the right embraces the rule of law.

          I’m thrilled to hear that you will be in favor of prosecution against Trump and his minions for illegally accessing Hillary Clinton and the DNC emails and documents and providing this information to other criminals.

          Trumps public direction to our foreign adversaries to illegally access his political opponents emails is indeed illegal as you’ve noted, and will be prosecuted on January 21 by multiple federal and state agencies.

        3. avatar Ing says:

          Miner, you’re a very useful reminder of the insanity that this nation is facing. Thank you.

    2. avatar Dude says:

      “As a result, massive numbers of posts that discussed the insurrection before, during, and after it was carried out will be preserved indefinitely so that they’re available to researchers, journalists, prosecutors, and others.”

      Okay, that’s cool. Wake me up when they shut down facebook because I’ve heard they tend to have all the groups communicating on there. I doubt little ole Parler has anything on them. Are people going after that evidence? Do you find it ironic that the tech giants are going after the little guy for not moderating their content after fighting congress so they wouldn’t be liable for their own content?

      1. avatar strych9 says:

        FB did nuke a few “right wing” groups and even went so far as to suspend the accounts of at least some of the users who were members.

        People run their fingers quite a bit about this shit. The reality is that the Parler hack was child’s play because the company that did all their security pulled that security immediately upon Amazon’s announcement. That left the site still up and without security.

        Parler was amature hour for sure but the idea that it’s going to be used in legal proceedings is a fucking joke. That data was illegally obtained via intrusion and most of it is worthless because not many people were actually discussing anything illegal.

        What it WILL be used for is to dox and blackmail people out of their livelihood via online mobs making unsubstantiated claims to employers, probably via Twitter.

        1. avatar Chris T in KY says:

          You are only fooling yourself if you think secession will not happen to this country. It won’t be a repeat of 1864. There will no large scale military formations. And entire states don’t have to leave. All is necessary is to have the “Battle of Athens” be repeated over and over again. All across the country. The Bundy Ranch was the test case. And no shots were fired there.

          Because the Bundy supporters openly carried their guns. It was very peaceful at the Bundy ranch. And the Bundy family is still there.

        2. avatar strych9 says:

          Not gonna happen and repeating The Battle of Athens ad infinitum wouldn’t work either because small shit like that would get snuffed out with a quickness.

          I get the romanticism but it’s just not going to happen. If people decide not to take this any more, and make that decision in large numbers, we’ll have a bloody war a la Syria.

          If people decide not to take it any more and decide that in small numbers, they’ll quickly be overwhelmed and made an example out of. That’s exactly how empires have been maintained for 5000 years and that’s what will happen here too.

          But mostly this is all academic because the people who would be “coming to get cha” would be “the Blue” and Conservatives mostly can’t fathom the idea of not “backing the Blue”. That means they’ll try to play nice with people who have no interest in playing nice because they’ve been ordered not to.

          But even that won’t actually happen. They’ll do a gun-control push with an amnesty and get whatever compliance they can. Then they’ll use CoV-2 as a means to push UBI, ban people from work and use the UBI tied to “turning them in” to get most of the rest.

          Dems bought Georgia. They didn’t steal it. They’ll repeat that tactic forever because they believe in MMT.

  4. avatar Dennis Sumner says:

    And girly boy Dorsey could not be reached for comment, or Mark the dork!

  5. avatar uncommon_sense says:

    I have been so focused on de-platforming lately that I forgot about simple old-school distributed denial of service attacks: I have a hunch that these will begin increasing in both frequency and intensity on any website or web platform which hosts conservative and/or firearm content.

    And with ever more people and entities having ultra-fast Internet access, mounting debilitating distributed denial of service attacks is becoming easier and easier. Consider the million plus people (just in the United States) who have fiber-to-the-home Internet access with symmetric Gigabit (1000 Megabit per second) speed. It would only take a little over 1,000 of those people working together to mount a one Terabit-per-second attack from their homes. (Note that one Terabit per second equals one thousand Gigabit per second — which equals one million Megabit per second.)

    Now sprinkle in a few Fortune 500 businesses and universities (with anywhere from 10 to 400 Gigabit-per-second circuits) adding themselves to the fray and it becomes quite easy to crush any website or web platform.

    In all honestly I am totally shocked that crushing distributed denial of service attacks are not happening more often.

    1. avatar GS650G says:

      The internet isn’t a free for all like it seems. At certain locations there are systems in place that detect DDoS and correct the situation. That’s why it’s not the problem it once was. Guns.com might be the victim of any number of attacks most of which could be inside jobs or something else close to home.

      1. avatar uncommon_sense says:

        GS650G,

        Please enlighten me as to, “… systems in place that detect DDoS and correct the situation.” I ask because said systems failed to stop a DDoS attack from taking down my circuit indefinitely. The only reason that I recovered in less than 24 hours is because I simply terminated that circuit and moved my entire operation to a different type of service and circuit at a totally different IP address that was not traceable/linkable to my previous circuit and IP address. (A close friend of mine who works on core Internet function congratulated me on one of the fastest times he has ever seen for someone to recognize that they were under attack and recovering from it — as well as my clever “solution” of simply leaving the old circuit and IP address behind.
        Note that my Internet carrier was unable to stop the attack.)

        As far as I can see, the Internet is a giant free-for-all because there is no authentication, it can be effectively impossible to discern legitimate traffic from bogus traffic, and it is exceedingly easy (these days) to generate an overwhelming amount of “legitimate” traffic.

    2. avatar Manse Jolly says:

      If they were consulting a Network Monkey I know, he would recommend in-depth layered defenses.

      Palo-Alto and Fortinet firewalls, two perimeters, geographical blocking (Zimbabwe doesn’t need access) a dedicated security person whose only job is thinking like a bad actor. Barracuda makes good stuff as well.

      1. avatar uncommon_sense says:

        Manse Jolly,

        All of those countermeasures that you described are ineffective when the amount of traffic coming to you significantly exceeds the capacity of your Internet circuit.

        The fact that you do not reply to traffic from Zimbabwe or to obviously manipulated/bogus packets does not change the fact that 10 times more packets are coming to you — and keep coming to you — than the capacity of your Internet circuit.

        And how can you know whether or not you are receiving legitimate traffic from Zimbabwe? Maybe people who legitimately want to interact with you are using a VPN to a proxy server in Zimbabwe for the very reason of not wanting to be easily traceable/identifiable as coming from the United States?

        The anonymity and ease of spoofing just about anything on the Internet is both a strength and a weakness.

  6. avatar GS650G says:

    Plenty of leftist sites out there that could be messed with or doesn’t that occur to these people ?

  7. avatar Dude says:

    They have such a conspicuous name…

  8. avatar LastOfTheOldOnes says:

    All the whining and talking will accomplish nothing.

    Imagine if the Founding Fathers had spent their time feeling bad for themselves instead of taking the bull by the horns. We would still be a colony of England.

    Direct action is required, using all the tools at our disposal.

    1. avatar Ticked Off says:

      Exactly…times 1000%.

      Is there no one on our side with the skills who can do the same to them? Seems like what’s good for the goose is good for the gander.

  9. avatar WI Patriot says:

    “Guns.com’s CEO Greg Minkler who tells TTAG that the outage is due to a malicious cyber attack on the site by a bad actor and is not due to a deplatforming by their hosting company or registrar.”

    And why doesn’t their hosting company have safeguards in place to prevent or guard against a “malicious cyber attack”…??? My guess would be that it was some sort of DOS/DDOS attack, and ANY hosting service worth their salt would have such preventative measures in place…
    Perhaps Guns.com should be looking an alternative to their current hosting situation…

  10. avatar strych9 says:

    “But we just spoke to Guns.com’s CEO Greg Minkler who tells TTAG that the outage is due to a malicious cyber attack on the site by a bad actor…”

    LOL, I get what they’re saying but these days that could be a deplatforming issue.

  11. avatar LibertyToad says:

    They are still using twitter? What is wrong with them!? SMH.

  12. avatar ABN LRRP RGR 3 tours RVN says:

    If only the internet had achieved it’s purpose in taking mankind’s intelligence to a higher level. Unusually, it appears to have dragged us into new lows.

  13. avatar WI Patriot says:

    And they’re still down…

Write a Comment

Your email address will not be published. Required fields are marked *

button to share on facebook
button to tweet
button to share via email