BBC, Trump web attacks "just the start," says hacktivist group

One of the hackers claimed they used Amazon's cloud service to help launch the attacks.
Written by Zack Whittaker, Contributor
The newsroom at the BBC, which had its website attacked by hacktivists. (Image: BBC Corp.)

NEW YORK -- The group that claimed responsibility for taking down the BBC's global website last week has said the attack was "just the start."

On Saturday, a group calling itself New World Hacking also claimed responsibility for an attack that downed Republican presidential candidate Donald Trump's campaign website for about an hour.

The cause of the attack was a massive distributed denial-of-service (DDoS) attack, which relies on pummeling a web server with so much traffic that it crumbles under the weight and stops responding.

DDoS attacks are widely used, and simple to carry out, often by online groups with the aim of bringing down websites for extended periods.

The group targeted the BBC earlier in the week. BBC websites, including its iPlayer on-demand service, suffered downtime for at least three hours on Thursday.

One of the members of the group, who identified himself as Ownz and declined to use his real name, told ZDNet that the attacks on the BBC's website and Trump's website were a "test of power" and server strength.

"ISIS is our main target," said Ownz.

Ownz, a self-described "hacktivist," sent ZDNet a screenshot of a web interface that was allegedly used to launch the attacks, indicating an assault of up to 602 Gbps, backing up similar claims the group made to the BBC.

We were not able to verify the authenticity of the screenshot, or the alleged size of the attack.

If that attack size is proven true, it would vastly surpass the previous record for largest DDoS attack of 334 Gbps, recorded by Arbor Networks in mid-2015.

Ownz said the size of the attack was possible by using at least two "Amazon servers," but did not disclose additional details.

Amazon has previously said that Amazon Web Services "employs a number of automated detection and mitigation techniques to prevent the misuse of our services," with the capability to stop denial-of-service attacks from being launched and to shut down such an attack quickly if one is detected.

"We have our ways of bypassing Amazon," said Ownz. "The best way to describe it is we tap into a few administrative services that Amazon is use to using. The [sic] simply set our bandwidth limit as unlimited and program our own scripts to hide it."

Amazon did not respond to a request for comment over the weekend.

Ownz said the group of 12 people, many of whom are based in the US, spent about two weeks programming before they launched the attack on the BBC.

"The main purpose of this benefits unmasking ISIS, stopping the spread, and possibly ending the propaganda," said Ownz. "We have been taking down ISIS websites in the past... this is just the start of a new year."

The hacktivist said the group is compiling a list of Islamic State-related targets and plans to release the list Tuesday.

Ownz declined to name any targets in advance of the planned release.

Prior to the attacks on the BBC and Trump's campaign website, the group was involved in a number of activities, including unmasking members of the Ku Klux Klan, and efforts to find and report online accounts associated with the Islamic State following the November terrorist attacks in Paris.

The group also said it was involved in the hacking of a major US retailer, which led to the unauthorized access of millions of credit cards. The hacktivist declined to identify the retailer on the record.

Ownz said that other targets were on the group's radar, particularly sites dedicated to neo-Nazi and white-supremacist materials. The hacktivist mentioned one website in passing. Moments later, the site appeared offline.

ZDNet asked if the site was offline because Ownz mentioned it in conversation just a few moments earlier.

"Yes, indeed," said the hacktivist.

Editorial standards