Scribd

(Rev. 01-31-2003)

ALL IMFOPHATIOM CONTAIMED HEPEIM IS UMCLA55IIED DATE 11-02-2007 BY 60324 AUC BAW/5T/CL5

FEDERAL BUREAU OF INVESTIGATION

Precedence:

ROUTINE

To:

Los Angeles

From:

Los Angeles CY-1

Contact: Attn:

CY-1

Approved

By:~I ___________

L----.

Drafted

By:

~I ____________ _.

Case ID :

288A-LA-241135 (Pending)

Title:

UNSUB(s); Church of Scientology -Victim; DDOS

00:LA

Date:

03/29/2005

b6 b7C b7E

Synopsis:

EC to open and assign case tol

____ __

L...-. ____ _____.

Details:

On Saturday, 03/26/2005, the Church of Scientology s website, www.scientology.org, (192.216.201.9) came under a denial of service (DOS) attack. The attack started at approximatelv 12:15

p m l

I

Website administrators

L------....-----,-..,.....----.---.-----,,----,-......-.,.....----,,----,-.-----'

logged the attack and stated that they were in possession of logs for days prior to the attack.

To: Los Angeles From: Los Angeles

Re: 288A-LA-241135 03/29/2005

.L--.......

-------- ----____.lstated

that he would collect loss figures caused

y

the DOS to provide to the FBI .

••

2

b6

b7C

(Rev. 01-31-2003)

••

•

EDER L BURE U OF ·INVESTIG TION

Precedence:

ROUTINE

To:

Los Angeles

From:

Los Angeles CY-1

Contact:

I

Approved By: Drafted By: Date:

03/29/2005

Attn:

CY-1

I

ALL INF0Pl-lATI0N cmrrAHIED HEREIN

IS U iTCLASSIFIED

DATE 04-20-2012 BY 60322

UCLP/PL,J

,JN

Case ID :

288A-LA-241135 (Pending)

Title:

UB(s); Chu h of Scientology -Victim; DDOS

:LA

Synopsis:

EC to open and assign

I I

______ _.

ndD

Details:

On Saturday, 03/26/2005, the Ch

cb-Gf~¥~S

website, www.scientology.org, (192.216.201. ·) came under a denial of service (DOS) attack. The attack started at approximately 12:15 p.m. and lasted for about six hours ___ e target web server is connected to the Internet by a Tl line. Tne Tl line also serves about nine other web servers, to include Dianetics.com. The Scientology online book store is also served off of the same Tl line. All 10 web servers were not accessible to the public Internet due to the flooding of the bandwidth of the Tl line. Level3 communications is their upstream Internet service provider. The tech support line of Level3 Communications stated that they had no logs of the DOS. Level3 trouble ticket number for the DOS complaint was 1239220. Only two ports were open on the servers, port 80 (HTTP), and port 443 (SSL). The attack seemed to be a SYN flood attack. Website administrators logged the attack and stated that they were in possession of logs for days prior to the attack. The Scientology website is a Linux box located Fountain Avenue, os Angeles, Cal orn1a,

~-

The information in this EC was provided by._ ____

I

I

ITISecurity Manager for the Church of ientology, and _ _ Internet Security for the church, 63 Holl

w

od Boulevard, Hollywood, California 90025, telephone mber

b6 b7C b6 b7C