The Archive of Our Own (AO3) is currently under a DDoS attack, taking the popular fan fiction website down for hours. Times are tough for everyone, but we’ll get through it together.
First the official status update on AO3’s Twitter account acknowledged the outage on Monday morning(opens in new tab) Time in the US, although its volunteer staff is still investigating the cause. Five hours later AO3 confirmed the website is a victim of a DDoS attack(opens in new tab)and it continues to work to suppress it.
DoS attacks, or denial-of-service attacks, are a common tactic used by malicious actors aimed at knocking websites offline. This is done by flooding the website with more requests than it can handle, overloading its servers and making it unable to deal with legitimate requests. DDoS attacks are distributed denial-of-service attacks, where a flood of traffic comes from multiple sources.
The tweet may have been deleted
(opens in new tab)
Who is behind the DDoS attack on AO3?
The attack was claimed by the hacktivist group Anonymous Sudan, and came as part of a campaign of similar DDoS attacks on US organizations(opens in new tab). AO3 is run by the US non-profit Organization for Transformative Works(opens in new tab). Referring to AO3 in particular, Anonymous Sudan further stated that it is “against all forms of depravity, and the site is full of disgusting smuts and other LGBTQ+ and NSFW things.”(opens in new tab)
How erotic fanfiction allows women to explore their sexuality without shame
However, AO3 cautions against taking the attacker’s claims about motivation at face value. Cybersecurity experts believe that Anonymous Sudan may be linked to Russia(opens in new tab)with its real aim being to disturb and provoke division in the West.
“A group presenting themselves as a collective of religiously and politically motivated hackers claimed responsibility for the attack,” wrote AO3’s Twitter account.(opens in new tab) “Experts do not believe they are being honest about their motivation, so we urge caution in believing any reason they give for targeting AO3.”
“We do not condone anti-Muslim sentiments under any circumstances,” it continues.(opens in new tab) “Furthermore, to reiterate: cybersecurity experts believe that the group claiming responsibility lied about their involvement and reasons for attacking the websites. See the group’s statements there is doubt.”
Although Anonymous Sudan initially claimed that the attack would continue for up to 24 hours, it has since issued a ransom demand.(opens in new tab)who threatened to continue attacking AO3 for “weeks” unless $30,000 in Bitcoin was paid.
Unfortunately for them, AO3 is a bad target for extortion. The fan fiction website is entirely funded by donations and staffed by volunteers, so it’s unlikely to pay the ransom even if it’s so inclined.
When will AO3 be back?
There is currently no word on how long AO3 may be out. It could be offline for weeks if its alleged attackers, but hopefully the website’s volunteers will be able to fight the DDoS attack sooner than that. AO3 is home to over 11 million fanworks in over 57,000 different fandoms, and in 2019 won the Hugo Award for Best Related Work.(opens in new tab)
The tweet may have been deleted
(opens in new tab)
The good news is that the AO3 attack was not a data breach, so your email, passwords, and questionable browsing history are still safe from prying eyes. The bad news is that it may be a while before you can go back to devouring your favorite 60k pain/comfort WIP.
