Skip to content
Naked Security Naked Security

Security blogger Graham Cluley’s website suffers DDoS attack

Former Naked Security writer Graham Cluley was the latest to fall victim to a DDoS attack on his website this week.


A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes.

There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous.

Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year.

And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money.

Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins.

One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed.

And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley.

We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.”

Unfortunately, it doesn’t take much skill to launch this kind of attack.

Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests.

DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is.

In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers:

No-one should ever pay internet extortionists.

For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting.

But if we pay the extortionists’ demands, that will only give them more reason to do it again.

Image of attacking cursor arrows courtesy of


I wonder how many of these this “Armada Collective” group can sustain at once?

On the Swiss Gov’t CERT site, it shows the general message they usually send a few days before the attack, claiming they can reach rates of “sometimes over 1Tbps per second.”

For the sake of argument, let’s say that roughly 1Tbps is the maximum force they can bring to bear for a DDoS attack, if they only have a single attack going.

What if nobody pays the ransom—unlikely, I know, but stay with me—and everyone decides to just ride-out the attack, how many attacks can “Armada Collective” possibly sustain at once before they have to stop one attack to start another?

Let’s say they have 100,000 bots/zombies at their disposal, averaging about 10Mbps per bot/zombie. That’s roughly 45x smaller than the “Srizbi” botnet (the largest or second-largest botnet ever recorded).
If my mental math is correct, they can only do 100Gbps/attack for 10 sustained attacks, 10Gbps/attack for 100 sustained attacks, and so on.

They would have to run out of steam for new (effective) attacks after a certain amount of obstinate resistance…wouldn’t they?


Just speculating here, but Graham was quite critical of a well known company that suffered a massive DDOS and data breach recently. You can’t help wondering if that had something to do with it? Disgruntled employees / shareholders / hackers proving themselves on outspoken people etc. Who knows why they DDOS people?

I see this happen a lot these days – don’t like what someone is doing then DDOS them or discredit them online. Even going as far as to remove and edit posts to suit their means. Their end objective is to scare them into submission so that they would be less willing to be outspoken in the future. However, from what I can gather about Graham it’s likely to have the opposite affect. I hope he is even more outspoken.

Keep up the good work Graham!


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!