Let me start by giving my credentials. I am a Linux/UNIX guy, which is the operating system that, last I checked, about 60% of internet servers run on. I’m not a Linux/UNIX expert, but I used Linux exclusively for about two years and I now run UNIX full time (okay, it’s a Mac). I also run my own Linux web server.
I’m by no means an “expert,” but I do suspect I know a bit more about these sorts of situations than your average Facebook commenter (no offense is intended to those who make comments on Facebook). Actually, my primary field of work is front end web development, so what I’m about to talk about is above my pay grade—but not by too much.
Planned Parenthood has accused an unnamed group of people who want babies to stop being murdered of something called a DDoS (Distributed Denial of Service) attack on their servers. These allegations are being called into question by a number of conservatives. I’d like to explain the issue in a bit more detail, then offer my opinion.
Servers, DDoS Attacks, and Care Packages
First, when you visit most sites, the server has to do what amounts to packing the information you requested into a neat little package, putting a little bow on it, and sending it to you. Depending on how much is on the page you requested, there can be no small amount of preparation involved in getting you the page.
Imagine sending a care package to a college student. You might have to run to the grocery store to get the ramen noodles, while other things might be already in your house. The amount of preparation will vary based on how much you have to send and how easy it is for you to access. When you visit a webpage, it’s like you’re a college student asking for a care package.
A DDoS attack leverages the fact that servers are like kind old grandmothers who don’t want to say no. The hacker(s) behind the attack submit hundreds of requests and the server eventually just collapses into the fetal position and becomes unresponsive to all requests. Kids these days.
There are ways to prevent these by detecting them and saying no—actually, it’s more like being passive aggressive and just not giving a response. But if the attack is done well, it’s difficult to tell the difference between an attack and a simple upsurge in traffic because your site made the front page of Reddit.
Beyond preventing the attack, you also have options after it has already happened. Your server might not be able to respond to all the requests for a full care package, but you could Xerox an apology letter and send that letter out as quickly as possible. The difference here is that no preparation goes into sending this letter. The server simply replies to every request with the same single-page response. It can usually manage this, because it’s a lot simpler than serving dynamic content or ramen noodles.
Was Planned Parenthood Hacked?
It’s hard to say whether or not the accusations in this case are true. It’s worth noting that lying is a piece of cake for someone who makes a living on killing children. There are a few evidences that these allegations are false.
First, it appears that whatever content management system Planned Parenthood uses is also bing used to serve the pages that explain the hack. This is not typically the case in response to DDoS attacks. It’s usually better to leave as much server-software out of things as you can, so that the server is doing as little work as possible. But it could be their system has a way of serving up static pages that was designed for occasions such as a DDoS attack.
Second, it looks like Planned Parenthood is distributing their load over six servers. That’s a lot of servers and it’s no small task to take down. Is it doable? Well, sure, anything is. But this kind of project would be extremely difficult.
Third, they seem to be processing credit card information for donations. That’s more than most people can do while their site is being pelted with thousands of requests. That said, the payment page seems to be hosted on a 3rd party site, so this reason is not altogether convincing.
Fifth, the whole site is hosted on Amazon cloud hosting. If you set your servers up there correctly, you can literally click a button and multiply almost infinitely the amount of resources you have responding to requests. It costs an arm and a leg, to be sure, but we all know Planned Parenthood can afford it.
I really don’t know for certain one way or another whether the hacking claims are true. I should mention that they’re running their servers on Windows Server, which I have very little experience running. The ideas are all the same, but I could be missing pieces.
Frankly, it doesn’t really matter to me. If there really are hackers, I applaud their dedication even if I would question the usefulness of their methods. We need to fight this battle, but we need to be smart about it and use our resources carefully.
Planned Parenthood has decided to try to play the victim card here. It is a very common liberal tactic to argue something like “We might be doing [horrid thing here], but in our disagreement you have done [minor but distracting thing], so you must be wrong about our thing being awful.”
The Planned Parenthood hacking story runs the risk of becoming a red herring and we should be careful. Planned Parenthood is playing the victim andcrying about their rights because they don’t have good arguments for why it’s okay to murder babies and sell their parts. We need to make sure people remember that the real victims are the ones that don’t have a chance to cry.