SPH reiterates 'We didn't do it'

2009-11-13T01:47:00Z

Geoffrey Pereira says TR's reactions to blog may have generated traffic but were not coherent.

When Temasek Review (TR) published its article last week accusing SPH of trying to cripple its web server, I felt strongly that it should not be ignored as just another piece of the usual nonsense hurled at the company, often from the cover of anonymity.

I advocated that we respond to the serious allegations made in the article, 'SPH IP address caught “grabbing” content from Temasek Review server' .
(http://www.temasekreview.com/2009/11/02/sph-and-recent-ddos-attack-on-temasek-review/)

No one coerced me to write it. I hope that answers some comments made on and about my blog, published last week, on Nov 6:
http://blogs.straitstimes.com/2009/11/6/attack-on-temasek-review-site-not-sph

TR reacted profusely, to say the least. It has published no fewer than 7 articles on the topic, when I counted yesterday (Nov12) . All but one – a letter – were belligerent in tone and designed to ridicule me and my company.

Among the points these tried to make:
- TR never accused SPH of having a go at its server;
- I got the timing of the alleged attack wrong;
- my explanation, involving spoofing in Denial-of -Service (DOS) attacks, was wrong.

The articles also tried to shift focus away from a DOS attack to SPH’s alleged “grabbing” of TR content.

There were some humorous detours, such as in ‘25 SPH employees “caught” surfing Temasek Review in 3 days’, published on Nov 7.
(http://www.temasekreview.com/2009/11/07/25-sph-employees-caught-surfing-temasek-review-in-3-days/ )

This spoke about how journalists – from both SPH and Today – were visiting TR to “fish for news to write with most of them lacking the basic courtesy to even acknowledge their source of information”.

But the funniest was this: “Despite our sometimes fierce rhetoric against SPH journalists, we have really nothing against them personally. In fact, we are very sympathetic of the situation they are in: they are paid pittance and made to work long hours.”

It went on to add: “When our media company is finally incorporated next year, we will give our full-time journalists a better deal. SPH journalists are more than welcomed to join us.”

Wow.

Also interesting was the letter sent to SPH’s CEO, and published in TR on Nov 8.
( http://www.temasekreview.com/2009/11/08/temasek-review-writes-to-sph-ceo-alan-chan-to-seek-further-clarifications/ )

In it was a surprise statement, referring to TR's original article:

“Our correspondent who drafted the article was not familiar with IT matters. We apologize if our article has caused some misunderstanding and we have already clarified the matter in subsequent articles.

"We have never intended to implicate SPH with the DDOS attack on our server which had occurred a day earlier and we are sorry for any distress caused.”

Wow (again). They pelt me with rotten tomatoes and roast me, deny that they made accusations against SPH. At the same time, they say sorry to my CEO for hurling accusations.

Well, SPH does not reply to letters from unidentified parties (even if they have e-mail addresses), so TR – whose editor has no name, no face – should not hope for one from my CEO.

On Nov 10 yet another article from TR:
( http://www.temasekreview.com/2009/11/10/sph-journalist-geoffrey-pereira-got-boomzed-on-his-blog/comment-page-1/ )

This was a compilation of anonymous comments, mostly poking fun at my original blog, and which TR filed under “Top News”. It was back to pelting and roasting.

The summary of all this is, in a space of just under a week, TR has gone on overdrive to increase traffic to its site.

It has said so many things – including denying, then accepting, that it had accused SPH of trying to cripple its server – almost in the same breath. Wayang would be an apt term to describe it.

I will be unequivocal and reiterate what I said in my earlier blog: SPH made checks spanning a period that extended to before and after the alleged attack .

Our checks found that neither SPH as a company, nor any employee as an individual, launched a DOS attack on TR's web server. There was also no attempt to "grab" TR material in a way that could overload its server.

Attack on Temasek Review: Not SPH

2009-11-06T03:40:00Z

Geoffrey Pereira explains an accusation based on IP address is mistaken; there was no malicious activity on SPH's part.

A COUPLE of days ago, a blog that focuses on Singapore politics carried a posting which accused Singapore Press Holdings of trying to cripple its web server.

Temasek Review (TR) posted its article, "SPH IP address caught 'grabbing' Temasek Review server" on Nov 2.

It started by defining a Distributed Denial of Service (DDOS) attack - essentially as when a server is bombarded with requests so as to overload and cripple it.

It then went on to say that its monitoring had shown that during a recent period, there was a flurry of network requests coming from an SPH IP address.

Put this together and it is no less than an accusation that SPH had launched an Internet attack on TR. Many of its own readers, too, saw it as such, though TR tried to deny it in the discussion that followed on the site.

The article ended by fishing out the Computer Misuse Act and warning SPH to not continue its "intrusions" to undermine its site. Or else, it said, it would escalate the matter.

You can read the article in full, here (and if SPH is not being accused of a DOS attack, why associate it with this URL title?):
http://www.temasekreview.com/2009/11/02/sph-and-recent-ddos-attack-on-temasek-review/

Well, the truth is no warning was needed; but perhaps a little more understanding of the Internet by TR.

For, as at least one TR reader pointed out in the discussion the followed on the site, IP addresses by themselves do not prove anything. In fact IP spoofing is a common tactic used in a DOS attack and with information available readily (http://en.wikipedia.org/wiki/IP_address_spoofing) TR should have known that SPH is as easy prey as anyone.

In any case, given the serious allegation made, SPH made checks with its Network Intrusion Protection Services (NIPS) vendor, a reputable multi-national company. We wanted to find out if anyone within the organisation did, indeed, have a go at TR.

Our NIPS vendor found that there was no unusually heavy access to TR during the period of the alleged attack on its site. SPH logs also determined that no one from the company tried to access material from 2008, as claimed by TR.

TR changed the time of the alleged attack (we have print-outs too!! ) some time after the article was first published; but I won't jump up and down the way some bloggers do when an SPH website changes a headline. I'll just put it down to corrections made by TR to improve accuracy.

Nevertheless, data made available to me covered a 3-day period starting before and ending after the alleged attack. It showed that about 25 SPH employees – including yours truly, a regular reader – visited TR; but we did not create the kind of flurry of Net activity that would slow a server down, much less precipitate a DOS.

In fact, from midnight on Nov 1 to about 6 am, (covering a period of the alleged attack) no one from SPH accessed the TR site.

Our NIPS vendor's technical staff member, who checked 7 days worth of data and found no DOS activity originating from SPH concluded: "My opinion of the situation is Temasek Review released the article with very little research into what happened on its server."

It is an expert opinion; but if opinions don't count, here are the facts: Contrary to TRs allegations, neither did anyone in SPH try to "grab" TR material in a way that would load its server; nor did any SPH staffer launch any attack on the server.

The Straits Times Blogs - Geoffrey Pereira

SPH reiterates 'We didn't do it'

Attack on Temasek Review: Not SPH