Fanfiction site targeted by DDoS attack

Popular fanfiction site, Archive of Our Own (AO3), has been the victim of a targeted distributed-denial-of-service (DDoS) attack.

DDoS attacks work by flooding a sites servers with traffic, meaning the site is unable to function properly and is taken offline.

The site itself reported the cyber attack, taking to Twitter to explain why the site was not functioning as expected. The attack was initially noted on July 10, which promoted AO3 to tweet that the site was not functioning “as expected” and that they were investigating the source of the disruption. Several hours later, AO3 stated that it “look[ed] like the Archive [wa]s under a DDoS attack”, reassuring its users that it was “working on countermeasures” and promising that the site would be functional soon.

It looks like the Archive is under a DDoS attack causing the servers to fall over. Our volunteer sysadmins are working on countermeasures. Please be patient with us, we'll be back!

— AO3 Status (@AO3_Status) July 10, 2023

After fighting against the DDoS attack for more than 28 hours, the fanfiction site announced on July 11 that the site was back online after updating its cyber security controls.

We're back! However, we may need to do some work to optimize our shiny new Cloudflare setup -- we'll keep you updated on any issues or downtime.

— AO3 Status (@AO3_Status) July 11, 2023

Anonymous Sudan, a hacktivist collective that claims to an Islamic terrorist gang, said they were responsible the attack. In a post on the group’s Telegram, the hackers said it took down the fanfiction site as it is “against all forms of degeneracy, and the site is full of disgusting smuts and other LGBTQ+ and NSFW things”. AO3 hosts more than 11 million works of fanfiction related to 57,000 different pieces of media. 

The gang also claimed to be able to attack sites without detection, saying: “We can bypass any detection you put, we will make sure your site goes offline for the longest possible time as your ‘experts’ scratch their heads cluelessly to find a solution.”

The hacking gang also claimed they were responsible for a DDoS attack against social media site Reddit on July 10, which took the site offline for roughly two hours.

While Anonymous Sudan claims to be a hacktivist group motivated by a religious, specifically Muslim ideology, many cyber security experts have called into question the legitimacy of this claim. Even AO3 made a statement regarding the real identity of the gang, saying: “A group presenting themselves as a collective of religiously and politically motivated hackers has claimed responsibility for the attack. Experts do not believe they are honest about their motivation, so we urge caution in believing any reasoning they provide for targeting AO3. 

“We do not condone anti-Muslim sentiments under any circumstances. Additionally, to reiterate: cybersecurity experts believe the group claiming responsibility is lying about their affiliation and reasons for attacking websites. View the group's statements with skepticism,” they urged users of the site.

The most common theory for Anonymous Sudan’s actual identity is that they are a Russian hacking gang looking to sow discord among Russia's enemies by posing as a splinter group of the Anonymous hacking collective.