Thousands of Redditors have flocked to a Reddit clone called Voat in the wake of the fat people hate drama last week. Voat, in turn, has been down for days as an influx of traffic has overwhelmed its servers. Such downtime is common when a small site suddenly gets popular, but a few Redditors have another conspiracy theory: Could Voat.co's downtime be caused by a malicious attack perpetrated by Reddit admins and, just maybe, Reddit CEO Ellen Pao?
That Reddit's management is directing or complicit in a distributed denial of service (DDoS) attack is one of the wilder conspiracy theories being floated by a handful of people at newly popular subreddits such as /r/PaoMustResign and /r/oppression. In a DDoS attack, a website's servers are hit with a higher-than-usual number of requests (usually from a botnet, or a network of co-opted internet-connected machines), overloading the servers and knocking a site offline.
Voat says that it has indeed been the target of ongoing DDoS attacks, but it's worth mentioning that, over the last week, the site has regularly been knocked offline by a "Reddit hug," when a popular post sends more users to a site than its servers or service provider can handle.
One person, who claims to be an antitrust lawyer, said that it seems "likely" that Pao and other Reddit admins would be tried as computer hackers for attacking Voat.
"It's been pointed out here any number of times that reddit itself is behind the recent DDoS attacks, and while I can't exactly confirm that it's true (our investigation is ongoing) I can say that, based on our information, it's looking very much like what many of you predicted is the case," a user going by AntiTrustLaw wrote. "This means a criminal prosecution for Pao and other reddit executives is likely. Jail time for 'white collar' criminals is pretty rare, but given Pao's recent history with (seemingly) frivolous lawsuits and her husband's troubles, it isn't impossible."
"Orchestrating a DDoS attack is a legal offense at the federal level, both criminally and civilly. The Computer Fraud and Abuse Act (CFAA) is the applicable law (18 U.S.C. §1030)," the user added.
This is not an isolated post—as AntiTrustLawyer mentioned, the idea that Reddit itself is behind the DDoS attacks has gained a little bit of steam. Most people have dismissed it outright, but others have suggested that the timing is fishy.
In case you haven't been following along, Reddit announced last week that it will ban any subreddits that continually harass users. Reddit first banned five subreddits, most notably /r/fatpeoplehate, which had about 150,000 users. Since then, some vocal Redditors have staged protests in which Pao has been threatened, insulted, and compared to Adolf Hitler. Hundreds of posts shaming fat people have spilled out all over the site. Others have simply left for Voat.
It is true that a DDoS attack is a violation of the Computer Fraud and Abuse Act, a sort of catch-all law that's been used to prosecute both real hackers and those who merely commit cyber mischief such as password sharing. But it does seem beyond the realm of possibility that Reddit itself would be bothered or willing to blatantly ignore the law to attack a comparatively tiny website.
A Reddit spokesperson told me Reddit has nothing to do with any DDoS attacks Voat is experiencing. I tweeted at Voat's management and didn't hear back. Voat.co has been down so I have been unable to contact its administrators through the site.
While Reddit itself is unlikely to be behind the attacks, it is possible that some users of Reddit are attacking Voat. Why would they do this? Well, some Voat members have said that Reddit moderators have been engaged in a power struggle with moderators at Voat (e.g., a Reddit moderator of /r/pics would want to moderate Voat's clone of the site, called a subverse, such as v/pics).
"From what we gathered from discussions with our customers, if someone who hates you attacks you, you usually know who they are," Ofer Gayer, a security researcher at Imperva Incapsula, which offers DDoS protection to websites, told me in an email. "It's very far-fetched that a reputable website such as Reddit would resort to launching a DDoS attack. A fair assessment would be some uber-Redditors with too much time and gunpowder."
Barrett Lyon, a security expert well known for investigating DDoS attacks, added that it's often hard to say exactly who is behind a certain attack, and that sites get attacked for all sorts of reasons, all the time.
"To boil it down to an actual person or organization takes months and requires a lot of persistent attacks. In this case, it's really hard to know," Lyon said. "There are a lot of angry people out there. It could have been as obscure as a voat.co post that's derogatory about religion and it angered someone completely unrelated to the situation. I've seen this happen a thousand times: Web site is unprepared for an attack, attack happens, everything is a mess for about a week, they get DDoS protection like Defense.Net or Prolexic, and everything is fine again. Moral of the story is don't be unprepared for DDoS attacks if uptime matters to you."