Unveiling the Truth Behind the AP News Website's Denial-of-Service Attack: Analysis, Response, and Possible Perpetrators

Posted: November 27, 2023

Denial-of-Service Attack on AP News Website

The Associated Press news website, an international news source, fell victim to an outage that aligns with the traits of a denial-of-service (DoS) attack, recognized as a federal criminal act. This type of cyber-attack typically involves the inundation of an online platform with an excessive volume of data to overwhelm its system and render it non-functional.

Outage consistent with a Denial-of-Service attack

A denial-of-service attack is recognizable by certain characteristics, such as the sudden shutdown of a website or online service due to an influx of information aimed at crashing the site's infrastructure. In the case of apnews.com, these symptoms were exhibited in a suspected DoS attack. When users attempted to access the news site on Tuesday afternoon, October 31st, they were greeted with the site's homepage, but navigating further into the site proved unsuccessful.

The website's homepage loaded, but individual story links failed

Despite the homepage being accessible, the plight of the users unfolded once they clicked on the links, leading to individual stories. The expected news stories failed to surface in various ways: some pages simply appeared blank, while others produced error messages. These glitches point toward the possibility of a denial-of-service attack, where debilitating amounts of data are used to disrupt the functioning of a website.

Resolution of the problem by Wednesday morning

Despite the unpleasant occurrence, the issue was promptly addressed, yielding a resolution by Wednesday morning, November 1st. Users could access the website in its entirety following the resolution of the issue, signifying the return of normal service. It is worth noting that AP's delivery systems and mobile apps remained unaffected during the outage. Behind the scenes, the site's engineers and media relations managers persistently grappled with fluctuating traffic surges to restore the normal operations of the website.

Response from AP News

In response to the abnormal behavior of the website noted by users and tech analysts, representatives of the Associated Press shared some insights into the situation. Nicole Meir, a media relations manager at the company, confirmed that they had experienced periodic traffic surges, often symptomatic of a denial-of-service attack.

Confirmation of periodic surges in traffic from AP's media relations manager

Nicole Meir addressed the issues experienced by the AP news site, stating that they had observed periods of unusually high traffic. She added that although they believed they had managed to control the surges from one source, they would resurface from elsewhere, indicating a coordinated and adaptive attack pattern. However, Meir emphasized that they were still investigating the issue's root cause.

Delivery systems to customers and mobile apps remained unaffected

In a reassuring note to their users and customers, AP News also confirmed that their delivery systems to customers and mobile applications were unaffected despite the website disruptions from the potential denial-of-service attack. This suggests that the data flooding primarily targeted the website platform, allowing AP News to continue delivering its service through other channels during the incident. This continuity emphasizes AP News's robust multi-platform operational system, which ensured that their services could be sustained despite the website being threatened.

Possible Perpetrators

In cybercrime, where attacks are often anonymous, attributing responsibility can be complex. However, amidst the chaos, a hacktivist group named Anonymous Sudan claimed responsibility for the attack on the AP News website. Their alleged involvement in the attack was relayed via messages posted on their Telegram channel.

Anonymous Sudan issued a proclamation stating that it would be carrying out cyber-attacks on Western news outlets. This proclamation and the subsequent attack on AP News served as a self-incriminating confession, with the group directly claiming responsibility for the suspected denial-of-service attack.

Proof of attack shown via screenshots

Following their bold claim, Anonymous Sudan sought to provide evidence of their successful attack, posting screenshots of inaccessible news sites, including AP News. These images served as their 'proof' of a successful attack. However, as pointed out by cybersecurity analyst Alexander Leslie, this common strategy involves causing a temporary outage, capturing screenshots as evidence, affecting a limited number of users in a short period, and then declaring it a colossal success. AP News has not been able to independently verify whether Anonymous Sudan was indeed behind the attack.

Analysis from Cybersecurity Firm Recorded Future

As new developments arose after the suspected denial-of-service attack on the AP News website, Alexander Leslie, a cybersecurity analyst from Recorded Future, provided expert analysis on the typical mechanisms followed by actors carrying out such digital offenses.

The simple propaganda mechanism used by the actor

According to Leslie, the propaganda strategy utilized by these cyber offenders is relatively straightforward. His insights highlight a common pattern observed in such acts where the involved actor executes a short-lived attack, allowing them to create 'proof' of the damage caused. Rather than aiming for an extended disruption, the focus is on immediate, tangible evidence of the attack.

The actor conducts a temporary attack and claims it is a major success

This strategy hinges on the attack's demonstrable impact. As Leslie explains, the actor will perform a temporary attack that leads to a temporary outage. This outage might last only a short while and affect a relatively small number of users. Nonetheless, the actor then capitalizes on this apparent 'success' by screenshotting the 'proof' of the outage, subsequently claiming their operation to have been a significant victory.

The inability of AP to verify whether Anonymous Sudan was behind the attack

Despite the plausible explanations and the claims made by Anonymous Sudan, a conclusive verification of the culprits behind the attack on AP News could not be made. Given the complexity and anonymity inherent in the cyber landscape, the AP has thus far been unable to confirm whether Anonymous Sudan was the orchestrator of the attack, leaving the issue unresolved.