Lausanne Christian conference is targeted by hackers and malicious cyber attack
For the last couple of days we've been running around at quite a pace trying to get all of the rich media contend from the Lausanne Congress onto the Global Conversation site for people across the world to see what is taking place in Cape Town.
The Lausanne Leadership team had negotiated to get access to the same bandwidth 'pipe' that was used for the 2010 world cup soccer in South Africa (if I am not mistaken it is a dedicated 23 megabit pipe out of SA). This should be plenty of bandwidth to upload video, audio and photos, as well as allowing regular ussage of the internet by the Congress Staff and Participants.
Well, that was not to be! From fairly early on we started realising that there was something amiss. It was incredibly difficult to get our content on the servers that would host it, moreover, the internal networks at the Cape Town International Convention Center were so slow, and in fact kept dropping out so much so that they became unusable for both staff and participants.
My social networking team resorted to using BlackBerries, iPhones, 3G data cards and iPads to keep the blogs, twitter and facebook streams up to date. Most of the photographs and information that we were posting was coming from our cell phones, iPads and laptops... Not ideal! We even had a 'sneaker-net' running (in fact we still do). One of our volunteers named Ryan runs to the photographers, videographers and others with his thumb drive to get content that we can upload to the various platforms!
Here's our handsome team ;-) (you'll notice a few of the blogger network in this picture as well).
So, here's what I think has happened. There was an external denail of service attack on the hosting servers for http://www.capetown2010.com and http://www.lausanne.org/conversation - a denial of service attack is a simple, but effective, way to bring down a server. To explain it simply, all one needs to do is direct so much traffic at a web server that it cannot server the page requests quickly enough (if often happens when a page gets on the front page of Digg.com or Slashdot - the request for page views is so high that the server locks up). In this case I assume that someone or some group got access to a network of compromised computers (zombie machines, most commonly Windows XP and Windows 98 machines that have been taken over with a trojan), and this network of machines started hammering the servers. This simply 'sucks the air' out of the system and it stops working!
That's what caused the external server failure in my opinion - who did it? Why did they do it? I can't say for sure. But I do think that they did it because they don't agree with the work of the congress and didn't want the message and content of the congress to get out to the open world.
So, we found a way around that by uploading our video, audio and pictures to other servers (even free services like Vimeo and YouTube).
It reminds me a little bit of Ori Brafman and Rod Beckstrom's book 'The Starfish and Spider' - distributed networks can cope far better with this kind of attack, and they are far harder to target! I was so pleased that we had suggested this strategy in a meeting just two days before the congress, and that it worked out in the end! Well done to the Web team! In effect we made sure that the date was hosted in multiple locations on multiple services, owned by multiple organizations.
The second area of internet failure related to the internal wifi network in the CTICC. From what I have heard it would seem that someone brought a cellphone with a virus onto the network (probably a participant who accessed the network via the free wifi we provide). This virus quickly spread through out the network and shut the internal systems down for both staff and participants....
I have one thing to say on this - get a Mac ;-)
In the post from Andrew Jones (one of the members of the Lausanne Blogger Network) on his 'TallSkinnyKiwi' blog you can read more about the two volunteers who helped to solve that problem.
I have also included the official press release from Lausanne for your interest.
All that I would say is that there are some persons who disagreed with the work and message of the Lausanne movement and so decided to hack the network. Sad, but true.
Here's TallSkinnyKiwi's post:
Here's the skinny. The bandwidth and internet access problems that have plagued the Lausanne World Congress in Cape Town over the past few days were the result of a malicious virus from a phone brought into the Cape Town International Convention Center. According to unofficial reports, millions of hits from 66 different sites eventually crashed the system.
Which country? Well, one of my strongest theories was that the New Zealand Government was upset at their small representation and were getting back at Lausanne. But now we have heard that 95% of these internet hits came from the country of China, and the 66 locations were also situated in China, and that account of a Chinese fellow taking photos of Congress participants before running away, and this has caused us to consider China at least as a potentially suspicious candidate. And so . . . after weighing the possibities, well . . . I still think it was New Zealand those cheeky beggers!
Now heres the scoop. Our problems were solved by two Indian cousins from Bangalore who were here as volunteers in the IT department. They came to connect printers and ended up stopping viruses. In fact, they have already solved the problem and we are back on track.
Shout out to our two geeky heros: Unisys Global Services employee Vijay Kumar and Pastor Daniel Singh who has just got figured out why he got a doctorate in computational biology.
I took this photo a few minutes ago of Vijay (left) and Daniel (right) during Tim Keller's talk on global cities. Sorry for the flash, Tim.
Offical press release from Lausanne here. Many unoffical releases, like this one, are all over the net. Check out Note on Lausanne live blog at Outreach Mag for a fuller post on this event.
Here's the Press Release from the Lausanne Movement:
Malicious hits from multiple locations crash system
SOUTH AFRICA 20 OCTOBER 2010 Organizers of Cape Town 2010, the widest gathering of Christians in the history of the Church, today announced that their internet communication to the outside world had been hacked. ‘We have 700 GlobaLink sites in 95 countries extending the Congress to 100,000 people’, said Victor Nakah, GlobaLink Chair for the Congress. ‘Finally, after two rough days, they are being served as planned.’
The sophisticated computer network developed for sharing Congress content with the world was compromised for the first two days of the Congress. ‘We have tracked malicious attacks by millions of external hits coming from several locations’, said Joseph Vijayam, IT Chair of The Lausanne Movement, sponsor of the gathering. ‘Added to this was a virus brought into the centre on a mobile phone.’
Asked if he could confirm where the hacking came from, he replied, ‘We have a pretty strong indication, but one can never be absolutely certain, so we prefer not to share our suspicions.’
The Congress has drawn carefully-selected participants from 198 nations representing many of the best minds and the most courageous practitioners in the Church. Joseph Vijayam explained that two cousins from Bangalore had largely been responsible for solving the difficulties, due to their unique expertise in the exact problems the Congress was experiencing. Vijay Kumar, an employee of Unisys Global Services, and Daniel Singh, a pastor with a doctorate in computational biology, came forward to help when they learned of the situation. They had come to the Congress as volunteers to help hook up printers and other basic IT tasks. ‘I believe God in his sovereignty brought them to us,’ Mr Vijayam said
PS., of all of the MANY reports I have read on these events, I think this one is the most plausible (and entertaining) ;-)
Reader Comments (1)
Somone should give this man a job as a systems analyst...
Thanks Dion for the technical breakdown, diplomatic lowdown, and human story to boot...
If this was running on macs that, what would the chances of under the hood technies arrriving have been?