October 5, 2015

DDoS Attack Hits 4Chan via Imgur Exploit

Malware uploaded to Imgur is Used in DDoS of 4Chan

  • How Imgur was forced to turn against 4Chan
  • 4Chan vs. 2Chan vs. 8Chan
  • Employee first posted about exploit
  • Fixing the problem & DDoS protection

How Imgur was forced to turn against 4Chan

The photo-sharing site Imgur, well-known (particularly among Reddit users) as a place to post GIFs and memes, was just used for a major online attack. Imgur served as the launch point for a brute-force assault on the 4Chan and 8Chan image boards. The two boards were hit with a massive volume of requests: a typical distributed denial-of-service (DDoS) attack, though one delivered in an interesting way. The DDoS didn’t completely stop traffic flow on the two sites, but it did make their load times incredibly slow – effectively making them unusable.


Imgur posted on its website on September 29 that unknown hackers had successfully uploaded a fraudulent HTML file to its servers, and that the file went after anyone within the Reddit threads for 4Chan and 8Chan. This attack is particularly notable because Reddit is one of the biggest sources of traffic for the two image-based bulletin boards. Reddit users within the 4Chan and 8Chan subreddit (Reddit subsection) who clicked on one link to either of the two image sites were forwarded to Imgur, which responded by prompting their devices to load hundreds of additional, invisible windows (overloading both the user’s system and the servers).


DDoS is often used by hackers to slow chosen websites down to a crawl, sometimes booting them completely offline, explains Jeff Stone of New York-based International Business Times. “The method has been used most frequently by the hacker group Anonymous and, more recently, by the Chinese government to silence critical websites hosted in the United States,” he says. “Who was behind the Imgur DDoS and what motivated them remains unclear.”

4Chan vs. 2Chan vs. 8Chan

4Chan is widely known as the home of the /b/ board, which is where Anonymous was hatched online and where naked celebrity pics were published following an iCloud hack, in an incident labeled “the Fappening.” It is also noteworthy that 4Chan was just sold by its founder – Christopher ‘moot’ Poole, who created the site when he was 15 – to the original creator of sites in this vein, Hiroyuki Nishimura, owner of the Japanese site 2Chan (which was the basis for 4Chan).


What’s the significance of 8Chan though? That’s actually a separate entity, as described by Reddit users 27th_wonder and dsty292. There was the original, Japanese 2Chan, followed by the English-language copycat 4Chan. People started taking the basic image board coding and putting together their own chan sites – which are numerous (dozens? hundreds?). 8Chan is one of those spinoffs. 8Chan is relatively new, and one of its boards was recently flooded with child pornography – after which its users aggressively posted in rapid succession (called sh*tposting) to push the disturbing images out of the conversation.


Employee first posted about exploit

The DDoS assault was actually first announced by an Imgur employee on Reddit. Numerous Reddit commenters said that they thought the Imgur staff had uploaded the malicious file themselves, but the majority of users agreed that the attack came from a third-party source.


The hackers did not seem to be interested in accessing user files or otherwise targeting Imgur itself, so it’s easy to see why some users became convinced it was a conspiracy – after all, Imgur’s code was exploited, but specifically to harm another site.


“Someone managed to upload an HTML file with malicious JavaScript inside of it that targeted 8chan,” noted the employee. “We patched this bug[,] and it’s no longer possible to upload those files. We’re also not [serving] those bad files anymore.”
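The article does not say how Imgur patched the upload bug. As an added example (not Imgur's code), the sketch below shows one common defence against an HTML file being accepted and served by an image host: decide the type from the file's bytes, reject markup, and serve with headers that stop the browser from rendering it as a page. All function names and sample inputs are hypothetical.

```python
# Added example: hypothetical upload gate for an image host, not Imgur's code.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}
# Tokens that can make a sniffing browser treat a response body as HTML.
HTML_MARKERS = (b"<!doctype", b"<html", b"<head", b"<body", b"<script", b"<iframe", b"<svg")


def detect_image_type(data):
    """Return the MIME type implied by the leading magic bytes, or None."""
    for magic, mime in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return mime
    return None


def validate_upload(data, claimed_type):
    """Return (accepted, mime_or_reason); the claimed type is never trusted alone."""
    mime = detect_image_type(data)
    if mime is None:
        return False, "not an allow-listed image format"
    if mime != claimed_type:
        return False, "claimed type does not match content"
    # Polyglot check (heuristic): a valid image header followed by markup
    # could still be rendered as HTML by a client that sniffs content.
    if any(marker in data[:4096].lower() for marker in HTML_MARKERS):
        return False, "markup found in image data"
    return True, mime


def response_headers(mime):
    """Headers for serving stored user content so it cannot run as a page."""
    return {
        "Content-Type": mime,                    # from detection, not the uploader
        "X-Content-Type-Options": "nosniff",     # disable MIME sniffing
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed sample uploads (not captured data); script bodies are placeholders.
SAMPLES = {
    "real.png": (b"\x89PNG\r\n\x1a\n" + b"\x00" * 32, "image/png"),
    "page.png": (b"<html><script>/* placeholder */</script></html>", "image/png"),
    "polyglot.gif": (b"GIF89a/*<script>/* placeholder */</script>*/", "image/gif"),
}
RESULTS = {name: validate_upload(*sample) for name, sample in SAMPLES.items()}
```

The marker scan is a heuristic; re-encoding every accepted image before storing it removes embedded content more reliably.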


Fixing the problem & DDoS protection

Imgur explained to its visitors that the images were not published directly to the Imgur boards. “The vulnerability was patched yesterday evening, and we’re no longer serving affected images,” the photo-sharing site explained, “but as a precaution we recommend that you clear your browsing data, cookies and local storage.”


Why is it important to clear out your browser cache if the Imgur system has been patched and the file is no longer available at that central location? As Mike Wehner of The Daily Dot explains, if you have been to the applicable subreddits lately or think that you may have followed one of these malicious links, the file may still be stored within your browser – in which case it must be removed by you to avoid potential problems.


This is a particular type of DDoS attack that could become increasingly prevalent, so be on the lookout for similar events. The broader message here, though, is that DDoS continues to be a powerful weapon of choice for malicious parties, and hackers’ methods are becoming more sophisticated.


In this volatile security climate, it’s critical to partner with Nexusguard to protect yourself from malicious Internet threats to your site, service, and reputation. Get end-to-end DDoS protection.
