CUPS OF TEA WERE SPLASHED everywhere when the Raspberry Pi Foundation learned its website was under attack, apparently by someone who had money to burn on botnets.
Things are back to normal at the foundation now, if you can call somewhere that has an inflatable Portal turret normal, and Liz Upton spared some time to tell The INQUIRER what went down.
We asked her the burning questions, who and why would someone do a thing like launch a distributed denial of service (DDoS) attack on the Raspberry Pi Foundation?
"Absolutely no idea. We've all sat around in the office and offered speculation, and the best we can do is that it's either a random script kiddy sociopath, or a slightly less random script kiddy sociopath who thinks we're using the wrong sort of Linux, or really doesn't like fruit with pips," she said.
This had been the second attack on the organisation in as many days, and it looks like the same person or persons carried out both assaults. So far though, it has been only a couple of days and there are no obvious suspects.
This is the second attack in a couple of days. We haven't had the blackmail email yet. It's getting plonked when it arrives.— Raspberry Pi (@Raspberry_Pi) March 5, 2013
"We've got nothing to corroborate that suspicion [that is is the same people], but it went on for the same sort of period of time, and we were seeing the same sort of number of pattern both times," she said.
"Both of this week's attacks were SYN floods where there was a gradual ramp up in the number of packets sent to the server (which makes it difficult to work out exactly when it started), ending up with our receiving around 100k requests a second at its peak."
The foundation was also attacked last summer, though that time the assault went on for a few weeks. Upton said that the foundation's host, Mythic Beasts, had dealt with that well, and that the experience had hardened them to expect this sort of thing.
"I think we got all our tender feelings out of the way back then. It was annoying - I don't think I'd go further than that, because we had the support from Mythic to deal with it - and we were clear then, as we are now, that there's nothing antisocial we're doing that might make blackhat types go after us," she said.
"After all, we're an educational computing charity; we also don't have the sort of funds that blackmailers targeting this sort of thing often go after. (Not that we'd pony up if we did.)"
Or so says the rumour mill ...
Hello, feeling lucky? Sorry. What's your emergency?
Arrives just days after firm slams Android security as 'lacking' compared to BB10