The National Rifle Association has come under an increasingly large number of powerful distributed-denial-of-service (DDoS) attacks, researchers revealed Thursday.
According to a blog post from the Network Security Research Laboratory, run by Chinese company Qihoo 360, the gun rights organization has recently been targeted by DDoS attacks utilizing memcached servers.
The new tactic, which can allow an attack to be amplified by up to a factor of more than 50,000, was recently used against an unnamed U.S. service provider in the biggest ever recorded DDoS attack. That incident came just days after developer platform GitHub was hit with what was then the largest ever attack.
The NRA’s top domains, including nra.org, nrafoundation.org and nracarryguard.com, were found to be among some of the most attacked.
An examination of social media posts by Bleeping Computer’s Catalin Cimpanu, who first reportedon the story Thursday, suggests the most successful attack against the NRA may have occurred late last month.
“The biggest one appears to have taken place on February 28, when multiple users reported the website down for hours,” Cimpanu said.
The attacks follow the death of 17 at a school shooting in Florida last month and widespread debate over firearms.
While some mitigation techniques exist to protect against memcached-based attacks, the tactic could become more prevalent following the release this week of proof-of-concept code that automates the process.
The code’s authors, according to CyberScoop’s Patrick Howell O’Neill, say the release is aimed “to bring more attention to the flaw and force others into updating their devices.”
The NRA has thus far not publicly commented on the reported attacks against its domains.