RealTime IT News

SCO Hit By Another DDoS Attack

The SCO Group, which is embroiled in a legal battle over copyright claims to some code in the Linux open source operating system, confirmed Wednesday a massive distributed denial of service (DDoS) attack on its corporate Web site.

Officials at the SCO Group said a denial of service attack took down its Web site at 4:20 a.m. Wednesday, and that the site will remain inaccessible for at least the next 12 hours. The attack also took out its customer support and e-mail service.

Blake Stowell, SCO spokesperson, said this is the third time this year an unknown attacker has brought down its site, and that he suspects someone in the open source community is behind the illegal activities.

The legal authorities have been contacted, and the company's ISP is working on resolving the problem. Stowell said the two previous attacks were cleaned up in 24 hours or so, and that he expects the site to go live again Thursday morning.

SCO is currently embroiled in a contract dispute with IBM, which has extended to the entire Linux open source community. SCO claims Big Blue breached a contract with the company by contributing unauthorized portions of its Unix-based AIX operating system code to the open source movement. SCO claims that, as a result, Linux is an unauthorized derivative of its UNIX intellectual property.

IBM has denied the claims and countersued. A federal judge recently ruled that SCO Group has 30 days to pass along detailed information about its claims, a key ruling expected to help advance the discovery in the case, which is expected to go to trial in April of 2005.

The legal battle has inflamed many in the open source community, and the attacks have only made matters worse. Darl McBride, SCO CEO, chastised open source leaders for not policing their own after an August DoS attack brought his site down.

After the August attack, Eric Raymond, president of the Open Source Initiative, said he was contacted by the attacker and suspected the individual was an "experienced Internet engineer" in the open source community.

At the time, Raymond said, "we must never make this mistake again, whether against SCO or any other predator. When we use criminal means to fight them, no matter what the provocation is, we bring ourselves down to the level of the thieves and liars now running SCO. That is unethical and bad tactics to boot."

Stowell said there's no way, right now, of knowing who is behind today's attack, and that the person behind the first two attacks has not been found. Given the method of DoS attacks, which flood the TCP/IP stack with useless traffic from a remote computer, it's going to be difficult to find the source of the attack.

"If it's anything (like the August attack), then it would probably be someone from the Linux community, but there's no way of knowing that for 100 percent sure," he said.

The company said the attack started around 2:20 a.m. (EST) Wednesday morning and caused its Web site and corporate operational traffic to be unavailable during the morning hours including e-mail, the company intranet, and customer support operations.

The DDoS attack on SCO is called a "SYN attack" and took place when several thousand servers were compromised by an unknown person; it overloaded SCO's Web site with illegitimate Web site requests.