A website dedicated to naming ICE and Border Patrol employees is coming under a “prolonged and sophisticated” cyber attack after the Daily Beast revealed it planned to make public 4,500 names of federal immigration staff.

The founder of ICE List said the website was overwhelmed by malicious web traffic originating in Russia after the Beast reported that a huge cache of personal IDs had been leaked to the site by an alleged Department of Homeland Security whistleblower.

The Distributed Denial of Service (DDoS) assault, which began on Tuesday evening and is still ongoing at the time of publication, saw a huge number of IPs simultaneously access the website of ICE List, a self-styled “accountability initiative.”

This has successfully overloaded the ICE List’s servers and is preventing people from accessing the site. The timing coincided with ICE List founder Dominick Skinner telling the Daily Beast he would make public the first tranche of names in the dataset, which was leaked following the shooting by an ICE agent of mom Renee Nicole Good.

  • phutatorius@lemmy.zip
    12 hours ago

    Gladly.

    The discussion about whether a DDOS attack has anything to do with Russia solely because the IP addresses used are Russian fails to take into account the fact that Russian state actors and affiliated parties have previously done it that way. That includes attacks against sites that I work on. Not only DDOS attacks, but lots of vulnerability-probing attacks have come from Russian IPs as well (though not all, of course: China’s a close second on that leaderboard), and in one investigation of those, our security team was able to find a forum where the attacks were being coordinated. The discussion was in Russian. That doesn’t mean they were state actors in that case, but Russia’s not the kind of place where freelancers are allowed to operate against state interests for long. So maybe volunteers for the motherland, maybe mercenaries, maybe someone with a more formal relationship with the state. In that particular case, we stopped investigating at that point, since our goal was to harden our system further, rather than worry about attribution.

    So yeah, you’d think that in the interest of good comsec, they’d go to the effort to obfuscate the origin of their attacks, but they don’t always. Maybe they’re sloppy, or they don’t see the need, or don’t want to incur the minimal additional complexity and/or cost.

    I’d like to disclose more, but I’m in a position where there are some hard limits on what I can disclose about my personal and professional life.

    Also, the Daily Beast is no paragon of journalistic integrity, but they’re more a mixed bag than a never-credible source. Case in point: Michael Wolff’s podcasts for them, which occasionally contain worthwhile insights mixed in with the tabloid gossip. I rank them a little below Times Radio, which also has a mix of clickbaity crap and occasional sound analysis. They’re certainly nowhere near the gutter that the NY Post or the Daily Mail inhabit. Well, maybe one foot, but not both.

    Anyway… mea culpa for having downvoted rather than joining in. I was in a hurry, about to head out the door, and should have instead waited until I had the time to comment.