Further details on the cyberdefense of the WYD website

VATICAN CITY — The U.S. Servant Sister who masterminded the defense of the World Youth Day website from a major cyberattack last summer has provided more details.

As noted Tuesday, news reports re-visited the attempt to hack the WYD Madrid site after the computer security company Imperva released a report, “Anatomy of an Anonymous Attack,” outlining what the company said it has learned about the hacking activities of the group that calls itself “Anonymous.” The report didn’t mention World Youth Day or the Vatican, but The New York Times reported that it confirmed “the Vatican” or, more accurately, World Youth Day, was the target.

Now there may be questions about that.

Servant Sister Kristen Gardner, who handled the massive computer operation for last August’s celebration of World Youth Day, explained in an email what happened. She said she thinks the news reports have gotten some information confused.

Servant Sister Kristen Gardner, in a 2010 photo from Madrid. (CNS/Paul Haring)

“I highly doubt that the Imperva report is about the WYD website,” she wrote.

“Yes, we were aware of the attack. In July we received several threats from Anonymous via YouTube videos. We prepared all the necessary infrastructure to secure the website, removing all possible security holes. During the week of WYD, which is when the DDoS (distributed denial-of-service) attack took place, we were also aware of it, since the website at times was very slow and at other times could not be reached at all. The moments when the site was completely down were usually periods of about 10 minutes maximum.”

Sister Kristen said, “We were able to block the IPs (internet protocols) from which the attack was coming. The day with the most attacks was Thursday, August 18th,” the day Pope Benedict XVI arrived in Madrid.

“Imperva was not hired by WYD, nor did they do anything for us,” she said.

“We were prepared for the attacks,” she said, and especially in the last month before WYD kicked off she and her staff “continued to add extra protections. Thanks to that the hackers were only able to use DDoS tactics and not others. It would have been much worse if they had been able to enter the website and put their own content on it.”

While the cyberattack was not completely successful or destructive, it did create massive headaches.

“The security in the last week made it much, much more difficult to update the website. This was especially so due to the fact that we had a team of 20 volunteers working on the site and we had to daily inform them of the new security measures and the new processes (which took time to be learned) to be followed to update the website.,” she said.

“However, it was worth the work and effort,” Sister Kristen said.

This entry was posted in CNS, WYD. Bookmark the permalink.