The Swedish newspapers Sydsvenskan and Norrköpings Tidningar have strenuously denied that persons with access to their computers have taken part in a criminal attack on Dispatch International (see our reports here and here).
As we have already made clear, we have not accused management of these media of having condoned or ordered the attack. However, we have incontrovertible evidence that persons with access to their systems have been involved.
As the two newspapers pretend not to understand what we have been trying to tell them, let us repeat the facts:
During November 22 and 23 we were exposed to an attack that was not a normal Denial of Service-attack. Its objective was not to overload our server – as is the case with a normal DOS-attack. It was constructed in such a way that it sent a specific and invalid request, which caused one of the services driving our website to crash.
The code used in the attack consists of our web address followed by several numbers and symbols. The likelihood that a great number of people may have entered this complex code by mistake time and again (a large number of IP addresses apart from those that can be traced to Sydsvenskan and Norrköpings Tidningar were used in the attack) must be deemed extremely remote.
There is every indication that someone with specialist hacking knowledge has constructed the code with the intent of damaging our website.
Here are the screen shots of the logs relevant for Sydsvenskan and Norrköpings Tidningar. For obvious reasons we have omitted the code used in the attack. We have, however, given it to the police.
An interesting aspect of the attack is that when the code had been constructed, the master hacker could simply disseminate it and encourage people to click on it – precisely as we were ready to send out our weekly online paper.
As we have been subjected to attacks ever since we got started, we maintain a high level of security. In recent days our website has been read via automated tools such as Acunetix, Nessus, Qualys and Nikto. Their purpose is to detect potential weaknesses or gain detailed information about how our system is constructed.
We have also noticed a great number of attempts over the past week to inject PHP webshells and SQL-injects (http://en.wikipedia.org/wiki/
We urge Sydsvenskan, Norrköpings Tidningar and the other organizations whose servers have been used to commit cybercrime against Dispatch International to find out what persons in their organizations have participated in the crime.
And we reiterate that Sydsvenskan, Norrköpings Tidningar and the other organizations that harbor people willing to engage in criminal activity remain legally responsible for hacker attacks emanating from their servers.