Lexington Times faces cyberattack after publishing ‘Park Tax’ donor list

Earlier this week, The Lexington Times faced a significant cyberattack shortly after we published an article disclosing the list of wealthy donors supporting the “Vote Yes for Parks” ballot initiative.

On Monday evening, we released an investigative piece that revealed the names of affluent individuals and businesses backing the campaign. While the initiative aims to increase funding for local parks, there are concerns that it may accelerate gentrification in Lexington, potentially raising property values and displacing lower-income residents. We believed it was crucial for the community to be aware of who is financially influencing this measure.

By Tuesday morning, the article had circulated widely on social media platforms, including the Lexington subreddit. The piece sparked intense backlash, with many users criticizing our decision to publish the donor information.

Around 10 a.m. on Tuesday, automated monitoring software logged unusual activity on our website. CPU usage was at full capacity, pages were loading slower than usual, and certain features weren’t functioning properly.

Attack Timeline and Response

By 11 a.m., it became clear that we were under attack. To protect the website and our readers, our software automatically activated Cloudflare’s “I’m Under Attack” mode, a security feature designed to safeguard websites from distributed denial-of-service (DDoS) attacks and other malicious activities.

Despite these defenses, our logs indicated that between 11 a.m. and 12:04 p.m., the website was inundated with over 42,000 malicious requests originating from a single IP address traced to a Virtual Private Server (VPS) provider in the Netherlands.

Attackers sent over 40,000 malicious requests to Lexington Times servers on Tuesday. (Cloudflare screenshot)

The nature of the attack involved SQL injection attempts, where malicious code is inserted into a website’s database queries. This can potentially allow attackers to manipulate or access sensitive data. The logs revealed complex payloads targeting vulnerabilities in our site’s database handling, including:

  • URLs containing SQL commands like PG_SLEEP(15) and DBMS_PIPE.RECEIVE_MESSAGE, which are functions specific to PostgreSQL and Oracle databases, respectively.
  • Attempts at time-based blind SQL injection attacks that rely on measuring server response times to extract information.

Attackers utilized a variety of SQL injection attack methods against The Lexington Times.
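
A minimal sketch of how requests carrying the delay functions named above can be picked out of an access log and counted per source IP. This is an added example, not The Lexington Times’ own tooling; the log layout, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Delay functions named in the article, matched case-insensitively.
DELAY_FUNCS = re.compile(r"pg_sleep\s*\(|dbms_pipe\.receive_message\s*\(", re.I)

# Assumed combined-log-style layout: client IP first, request line in quotes.
LOG_LINE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, not data from the incident).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:11:02:10 +0000] "GET /?s=PG_SLEEP(15) HTTP/1.1" 403 512
203.0.113.7 - - [01/Jan/2025:11:02:11 +0000] "GET /?id=DBMS_PIPE.RECEIVE_MESSAGE%28x%2C15%29 HTTP/1.1" 403 512
198.51.100.20 - - [01/Jan/2025:11:02:12 +0000] "GET /news/parks-vote HTTP/1.1" 200 18344
203.0.113.7 - - [01/Jan/2025:11:02:13 +0000] "GET /?s=pg%255Fsleep%252815%2529 HTTP/1.1" 403 512
198.51.100.20 - - [01/Jan/2025:11:02:14 +0000] "GET /?s=sleep+study+results HTTP/1.1" 200 9120
"""


def fully_decode(target, max_rounds=3):
    """URL-decode repeatedly so double-encoded parameters are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def flag_delay_requests(log_text):
    """Count, per client IP, requests whose decoded URL calls a delay function."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and DELAY_FUNCS.search(fully_decode(m["target"])):
            hits[m["ip"]] += 1
    return hits


def noisy_sources(hits, threshold=3):
    """IPs at or above the threshold, busiest first: candidates for a block rule."""
    return [ip for ip, count in hits.most_common() if count >= threshold]


if __name__ == "__main__":
    hits = flag_delay_requests(SAMPLE_LOG)
    print(dict(hits), noisy_sources(hits))
```

Decoding before matching is what catches the percent-encoded and double-encoded variants, while an ordinary search for the word “sleep” is left alone.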

Assessing the Situation

Given the timing of the attack and the immediate backlash on Reddit, it’s plausible that the cyberattack was a direct response to our publication of the donor list. It appears someone took offense to our reporting and decided to target us.

The tools used in the attack suggest that the perpetrator may not have been a highly skilled hacker but someone leveraging readily available software. The use of automated scanning and exploitation tools commonly found in Kali Linux, an operating system used for penetration testing and ethical hacking, points to this possibility. Kali Linux includes user-friendly tools like SQLMap, which can automate SQL injection attacks, making it accessible for individuals with relatively low technical expertise to launch significant cyberattacks.

Our Commitment to Transparency and Security

We are relieved that our proactive measures and existing security protocols helped mitigate the attack without significant downtime or data loss. However, this incident underscores the need for constant vigilance and robust cybersecurity measures.

In response to the attack, we plan to take the following actions:

  • Reporting the Abuse: We will report the malicious IP address to the VPS provider, providing detailed logs to assist in their investigation.
  • Enhancing Our Security: We will strengthen our web application firewall rules to detect and block similar attacks in the future.
  • Conducting Regular Security Audits: We will schedule periodic vulnerability assessments and penetration tests to identify and address potential weaknesses.
  • Engaging with the Community: We encourage open dialogue with our readers to address concerns and foster constructive discussions around important issues affecting Lexington.

Why We Published the Donor List

Our decision to publish the donor list was driven by a commitment to transparency. Understanding who is financially supporting ballot initiatives allows the community to make informed decisions. While we recognize that this information can be sensitive, we believe that shedding light on these connections is in the public interest.

Moving Forward

This incident highlights the challenges media organizations face when reporting on sensitive topics, especially those involving influential figures and potential societal impacts like gentrification. It’s a reminder that powerful tools are readily accessible and can be misused by individuals seeking to suppress information.

We remain dedicated to our mission of providing in-depth, responsible journalism. Protecting our platform and ensuring the integrity of our reporting are top priorities. We will continue to invest in cybersecurity measures to safeguard our website and our readers.