[nsp-sec] 711chan/scientology fun ...

[John Kristoff]

On Fri, 25 Jan 2008 00:53:18 +0000 (GMT)
Chris Morrow <morrowc at ops-netman.net> wrote:

> So... has anyone seen fall-out from the scientology things going on today?

I've not heard of anything, but I'm not in a real good position to see
the traffic.  I've seen the chatter and there has been lots.  Lots and
lots of kiddies coming out of the woodwork doing reload on their browser
as fast as they can, some using basic tools like hping and related things.
There may be some small botnets involved, but I didn't get the sense there
was all that much firepower behind most of the attack.  Who knows though,
I can dig through some stuff if you want.

There has also been apparently a fair amount of other junk, like faxes,
email, prank calls through skype and some chatter about sending "packages"
to various scientology offices or requesting free material to burn up
their capital expenses.

The partyvan folks have apparently been subject to getting attacked too.
I haven't looked too closely, but I saw what looks like DNS reflection
attacks using the .se TLD zone in the answers (including DNSSEC RRs) which
caught my eye and is potentially worrisome.

Overall its been lots and lots of groupthink and motiviation to attack
various scientology related things, but looks like a huge number of
kiddies.  Unfortunately some are learning things.  There has been some
infighting and so far, been pretty relentless for those involved.  This
might go on for awhile longer.  One IRC channel I've seen has been
averaging over 350 nicks and constant discussion 24/7.

John