Ustream outage due to DDoS aimed at citizen journalist

Ustream was hit with a distributed denial-of-service attack today that apparently was designed to interfere with the streaming of video from antigovernment demonstrations in Russia, the CEO of the live streaming site told CNET.

"We are 100 percent confident that they were targeting a specific channel on Ustream of a Russian citizen journalist. This is the third time in the last six months that a specific Russian citizen journalist was directly targeted through this complex and highly adaptive attack," Brad Hunstable, co-founder and CEO of Ustream said in a phone interview from Budapest. "We get DDoS attacks all the time and we fight them off. It's not a big deal. But this is adaptive beyond anything we've seen."

The attack started around 2:30 a.m. PT, which was 2:30 p.m. in Russia, and it took Ustream engineers about 10 hours to get the site back up again for its 55 million users worldwide, he said. The attacks were using a variety of protocols, such as UDP and TCP/IP, but also the requests were coming from Russia, Kazakhstan, and Iran, he added.

"What we saw today were systematic attempts, method after method, up to seven methods," Hunstable said, adding that it was the largest attack the site has seen in its more than five years in operation.

Asked if he believed that the Russian government was behind the attack, Hunstable said he could not speculate. "I won't speculate on who or why. What I do know is that there is no denying that specific Russian citizen journalists were individually targeted," he said. "We are in contact with many of the government agencies across the world. Ustream is back up and running and we put the Russian protests back up on our front page. This is about Internet freedom and our mission is to allow people to do this and we're not going to stop until we do."

The company "lost significant revenue" due to the outage and Hunstable said executives will be doing a full review of how to handle attacks going forward to minimize the economic impact.

The other recent DDoS attacks that were targeted at silencing citizen journalists in Russia were on December 6, 2011, and January 6, 2012, both days of antigovernment protests, according to Hunstable. Today's attack was targeting the ReggaMortis1 channel on Ustream and previous attacks targeted the Ridus channel, he said.

The attacks all used the "same footprint and focused on citizen journalists in Russia using our iPhone and Android mobile broadcasting capability," he said.

GigaOM had reported earlier today that live-streaming service provider Bambuser also was under attack.

Demonstrators have been protesting since before and after the inauguration of President Vladimir Putin on Sunday, clashing with police, and hundreds have been detained and arrested. In addition to complaints about election fraud, protesters are clamoring for political reforms.

Russia's move from communism to a capitalism-based economy led to a new class of billionaires who own formerly nationalized assets while crime syndicates have moved their enterprises online. Many of the early credit card data theft and identity fraud rings were based in Russia and former eastern bloc countries.

Updated 11:42 a.m. PT with more details, quotes from interview with Ustream CEO