UNIX Systems Administrator (IL) Next Step Systems US-IL-Chicago Post A Job | Post A Resume

ESR Confirms DoS Attack; Hacker to End Attack

By Eric S. Raymond
President
Open Source Initiative

I have just received confirmation that there was indeed a DoS attack on SCO's network, a rather sophisticated one organized by an experienced Internet engineer. The person responsible has agreed to terminate the attack in response to my earlier request[1], but it will not actually end until the timers on his 'bots run out.

I don't actually know who the attacker is, and don't want to; the person who phoned me was not him, but an associate -- what spies call a cut-out. It is clear that the attacker was no script kiddie; he was able to come up with a subtle, selective attack that only took out a subset of sites on the subnet that hosts SCO and looked like a site outage from the outside.

I had been hoping, and actually expecting, that the attacker would turn out to be some adolescent cracker with no real connection to the open-source community other than a willingness to stand down when one of its leaders asked. But no; I was told enough about his background and how he did it to be pretty sure he is one of us -- and I am ashamed for all of us.

This attack was wrong, and it was dangerous to our goals. I realize the provocation was extreme; since March SCO has threatened, grossly insulted, and attacked our community and everything we've worked for. I'm certainly not without sympathy for the person who did this.

Nevertheless...we must *never* make this mistake again, whether against SCO or any other predator. When we use criminal means to fight them, no matter what the provocation is, we bring ourselves down to the level of the thieves and liars now running SCO. That is unethical, and bad tactics to boot.

Public opinion matters, it even influences judges. We must do right, and we must be *seen* to do right, in order to win against SCO and the bigger, nastier foe pulling their strings. In an info-war like this, truth is the most potent weapon, but a reputation for virtue and honesty runs a close second. Don't be the one to throw ours away!

One more request. Please try to keep the conspiracy theorizing under control, at least in public forums. Yes, SCO is behaving much like a sock puppet of Microsoft now, but we have neither any evidence of conspiracy prior to the lawsuit there nor any need to suppose it to explain either company's behavior. Overheated speculation about how long they've been plotting this just makes us look paranoid. Stick to the facts; Microsoft, a convicted predatory monopolist, is funding a lawsuit against its only serious competition to the tune of more than six megabucks, and their money is the only real income SCO has. That's quite enough without the speculation.

Rebel Alliance provisional command...uh...thanks you for your cooperation. There will be further dispatches shortly. Keep watching the skies...

[1] http://lwn.net/Articles/46229/

Let SCO Hang Itself

The confrontation between SCO and the open-source community has now escalated to open war. I suppose, in retrospect, that this was inevitable once SCO announced its intention to sue on a theory that would make all open-source licenses invalid. And we all know who's lurking like Emperor Palpatine behind Darl Vader, funding his lawsuit to the tune of at least $6,000,000[1] even if not otherwise pulling his strings.

SCO/Caldera's site is being hit by a massive denial-of-service attack today. The timing, the scuttlebutt on Slashdot and elsewhere, and the contents of my mailbox all suggest strongly that the DOS attack was triggered by Darl McBride's slanderous interview[2] accusing the community of being IBM's sock puppets, and my response[3] to it.

It appears that my response articulated what many of us have been feeling for months as SCO's public rantings grew ever wilder and more destructive. McBride's personal accusations against me bother me very little, but I am nevertheless honored and humbled by the heartfelt support many of you have emailed. A good number of you seem to want to elect me your war-leader in this crisis -- maybe it's time for me to dust off that Obi-Wan Kenobi costume the SVLUG people made for me to wear on the original Windows Refund Day :-). I will strive to be worthy of your trust.

With whatever authority I have, I ask that the DOS attack cease immediately. Please stand down now. We have better ways to win this fight.

There are at least three reasons running a denial-of-service against SCO is a bad idea:

First: We're the good guys. But that doesn't matter if we aren't seen to be the good guys. We cannot fight our war using vandalism and trespass and the suppression of speech, or SCO will paint us as crackers and maybe win. Let's keep the moral high ground here.

Second: We have other tools that are more powerful. We have an astonishingly strong set of facts on our side. SCO has been caught in multiple lies, wholesale IP violations, and defamatory statements. The way to destroy them is with legal weapons. We can do that.

Third: SCO is its own worst enemy. Every time its spokespeople open their mouths, they dig their company's grave a little deeper. Consider their statements at SCOforum and what followed. We're in an even stronger position than we were three days ago.

We want them raving in public. It helps us. Everything they say is more rope to hang them with in a courtroom, but they're too trapped in their own propaganda-based strategy to do the smart thing and shut up. Their problem is that the moment they stop FUDding long enough for people to get a clear-eyed look at the facts[4] their credibility will evaporate and their stock price will crash hard. Even all the legions of Microsoft's press shills, captive analysts, and astroturfers won't be able to rescue them.

Stop the DOS attack. Let SCO speak out and hang itself.

Right now, the most helpful thing you can do is collect SCO's published statements and show how they have repeatedly contradicted themselves and lied about the facts. I've received some genuinely useful stuff by email describing factual and legal vulnerabilities that the research team[5] here at Alliance HQ didn't spot on its own -- papers like Greg Lehey's analysis[6] of the code SCO revealed at SCOforum showing that they must have stripped BSD copyrights out of their kernel tree. The reports indicating reason to believe that there is probably GPLed code in Unixware's Linux Personality Module were helpful too.

One of our big advantages over SCO is distributed brainpower. There are a lot of us, and we have excellent Internet-research skills. Want to strike a blow against SCO? Help convict them using their own public statements, their own 10Ks and 10Qs, all the press coverage, the material that's in their web and FTP sites. Collate. Assemble dossiers. The facts are with us, so gather and use the facts. All cheesy Star Wars references aside, this is info-war. Truth -- believable and provable truth -- is the weapon.

This is why sites like the IWeThey SCOvsIBM page[7] and WeLoveTheSCOInformationMinister[8] aren't just good clean fun; they're valuable references to help lawyers demonstrate SCO's record of bad faith, lies, and massive intellectual-property theft. Do more of that; in particular. the IWeThey wiki badly needs updating and better cross-references. These things will be used to defeat SCO -- and sooner than you probably think.

I'm organizing a conference call early this coming week among a few key leaders to decide on the next stage of our response. Have patience. There is a plan developing, which I can't talk about because the element of surprise is part of it. We will counterattack at a time and place of our choosing and we will win.

Rebel Alliance provisional command, over and out... :-)

[1] http://www.infoworld.com/article/03/08/08/31OPcringely_1.html

[2] http://www.nwfusion.com/news/2003/0825scoatta.html

[3] http://www.catb.org/esr/writings/mcbride.html

[4] http://www.opensource.org/sco-vs-ibm.html

[5] The research team: myself, Rob Landley, and Catherine Raymond, esq.

[6] http://www.lemis.com/grog/SCO/code-comparison.html

[7] http://twiki.iwethey.org/twiki/bin/view/Main/SCOvsIBM

[8] http://www.anerispress.com/wltsim/
--

Eric S. Raymond

Related Stories:
OSI President Responds to SCO's DoS Claims(May 07, 2003)
PR: FBI Investigating DDoS Attack, SCO Suspects Link to Linux Community(May 06, 2003)
CNET News: Net Attack Crushes SCO Web Site(May 03, 2003)

Index Mode   |   Flat Mode   |   Thread Mode   |   Thread Flat     Talkback(s) Name  and Date   Are we sure its a DOS attack?    Uno Engborg Aug 24, 2003, 12:55:12     BADA_BING!    christian kuzmanic Aug 24, 2003, 13:27:58     Contrary to all evidence microsoft did win too    wb Aug 24, 2003, 13:36:06     It doesn't hurt sco at all    Brad Aug 24, 2003, 13:45:24     Eric Raymond's Assumption that the DOS on SCO    Hayl Aug 24, 2003, 13:45:47     This is promising    stwrtpj Aug 24, 2003, 13:57:50     Innocent until proven guilty    Abe Aug 24, 2003, 14:04:10     Red Leader Stay on Target!    Simplicissimus Aug 24, 2003, 14:23:12     SCO behind DDOS on sco.com    Norman MAdden Aug 24, 2003, 14:26:05     DOS?    Christopher Curtis Aug 24, 2003, 14:26:13     Maybe not the OSS folks doing the DoS..    Jeff Cobb Aug 24, 2003, 14:26:49     6 miljon for a license?    Albert Elfv Aug 24, 2003, 15:14:18     DOS? RUSure?    robT Aug 24, 2003, 15:25:58     I agree    K. P. Aug 24, 2003, 15:31:13     watch out    geoff lane Aug 24, 2003, 15:43:25     My conspiracy theory    gazonk Aug 24, 2003, 16:00:37     Re: DOS?    Christopher Curtis Aug 24, 2003, 16:35:00     Is it really    drew Roberts Aug 24, 2003, 17:18:40     Are you sure it's coming from Linux users?    Ursus Orribilus Aug 24, 2003, 17:38:29     Is there really a DOS attack?    Anil Wang Aug 24, 2003, 17:45:47     DOS Attacks    Jim Aug 24, 2003, 17:48:41     Addendum:    Ursus Orribilus Aug 24, 2003, 17:50:14     Why then can I still reach out to www.canopy.com&#    Kurt Pfeifle Aug 24, 2003, 17:51:47     Who says it's our side?    Michael A. Hobson Aug 24, 2003, 17:53:47     Not a DOS attack?    Derik Aug 24, 2003, 18:23:53     Just a second here...    Penguinisto Aug 24, 2003, 19:14:16     Irresponsible comments from ESR    Anonymous Aug 24, 2003, 19:23:13     Hmm. Okay.    Paul Dorman Aug 24, 2003, 19:34:44     *sigh*    sdfsdf Aug 24, 2003, 20:15:45     To Eric    blacklight Aug 24, 2003, 20:23:03     DDOS are you sure    Charles Esson Aug 24, 2003, 21:03:44     Re: Contrary to all evidence microsoft did win too    christian kuzmanic Aug 24, 2003, 21:08:10     why not DOS email server    whg Aug 24, 2003, 21:36:31     Re: DOS?    Bojan Smojver Aug 24, 2003, 21:39:12     Netcraft    Yo Aug 24, 2003, 22:15:38     Re: DOS?    Daniel Aug 24, 2003, 22:22:39     Re: Are we sure its a DOS attack?    Wogster Aug 24, 2003, 22:32:58     Microsoft    Nick Aug 24, 2003, 22:56:51     possible SCO Federal raid    Norman Madden Aug 24, 2003, 22:58:41     Emphasis on the "If"    J. Buckle Aug 24, 2003, 23:12:48     Caution .... Beware !!!    cyzedx Aug 24, 2003, 23:18:27     To Eric - II    blacklight Aug 25, 2003, 00:40:56     Quite appropriate...    LackeyOfIBM Aug 25, 2003, 00:46:54     IBM are DDoSing The SCO Group    Leon Brooks Aug 25, 2003, 00:47:54     Perhaps someone put that webserver through a shred    Leon Brooks Aug 25, 2003, 01:00:10     Re: Why then can I still reach out to www.canopy.c    Blue Knight Aug 25, 2003, 01:02:50     Re: Re: DOS?    Bojan Smojver Aug 25, 2003, 02:22:32     Re: To Eric - II    Bojan Smojver Aug 25, 2003, 02:24:17     Re: Quite appropriate...    Norman Madden Aug 25, 2003, 02:49:02     Re: Re: DOS?    Norman Madden Aug 25, 2003, 02:59:34     Eric, get lost!    Ruiz Aug 25, 2003, 03:00:13     Re: DDOS are you sure    Richard N. Turner Aug 25, 2003, 03:40:12     Home | Search Talkbacks | Customize View    Top of Page   Enter your comments below: * Your Name: * Your Email Address: * Subject: CC: [will also send this talkback to an E-Mail address] * Comments: Tags allowed:<I>,<B> and <U>. See our talkback-policy for more about talkback content. Fields marked with * are required!