SCO Hit By Another DDoS Attack

The SCO Group , which is embroiled in a legal battle over copyright claims over some code in the Linux open source operating system, confirmed Wednesday a massive distributed denial of service attack (DdoS) on its corporate Web site.

Officials at the SCO Group said a Denial of Service
attack took down its Web site at 4:20 a.m. Wednesday, and
will remain inaccessible for at least the next 12 hours. The breach
also took out its customer support and e-mail service.

Blake Stowell, SCO spokesperson, said this is the third time this year
an unknown attacker has brought down its site, and suspects someone in
the open source community is behind the illegal activities.

The legal authorities have been contacted, and the company’s ISP is
working on resolving the problem. Stowell said the two previous attacks
were cleaned up in 24 hours or so, and expects the site to go live again
Thursday morning.

SCO is currently embroiled in a contract dispute with IBM, which has extended to the entire Linux open source community. SCO claims Big Blue breached a contract with the company by contributing unauthorized portions of its Unix-based AIX operating system code to the open source movement. SCO claims that, as a result, Linux is an unauthorized derivative of its UNIX intellectual property.

IBM has denied the claims and countersued. A federal judge recently ruled that SCO Group has 30 days to pass along detailed information about its claims, a key ruling expected to help advance the discovery in the case, which is expected to go to trial in April of 2005.

The legal battle has inflamed many in the open source community, and the
attacks have only made matters worse. Darl McBride, SCO CEO, chastised
open source leaders
for not policing its own after an August DoS
attack brought his site down.

After the August attack, Eric Raymond, president of the Open Source
Initiative, said he was contacted by the attacker and suspected the
individual was an “experienced Internet engineer” in the open source

At the time, Raymond said, “we must never make this mistake again,
whether against SCO or any other predator. When we use criminal means
to fight them, no matter what the provocation is, we bring ourselves
down to the level of the thieves and liars now running SCO. That is
unethical and bad tactics to boot.”

Stowell said there’s no way, right now, of knowing who the culprit is
behind today’s attack and have not found the person behind the first two
attacks. Given the method of DoS attacks, which flood the TCP/IP
stack with useless traffic from a remote computer, it’s
going to be difficult to find the source of the attack.

“If it’s anything (like the August attack), then it would probably be
someone from the Linux community, but there’s no way of knowing that for
100 percent sure,” he said.

The company said the attack started around 2:20 a.m. (EST) Wednesday morning and caused its Web site and corporate operational traffic to be unavailable during the morning hours including e-mail, the company intranet, and customer support operations.

The DDoS attack on SCO is called a “syn attack” and took place when several thousand servers were compromised by an unknown person; it overloaded SCO’s Web site with illegitimate Web site requests.

News Around the Web