Controversial world chess tournament website struck by denial-of-service attack

Might angry chess fans be behind the attack?

Chess

There is plenty of anger in the chess world right now.

The World Chess Candidates Tournament – the competition which will decide who will go forward to challenge Magnus Carlsen in the world title match in November – is taking place in Moscow.

If you’re a chess fan like me, you might be interested in following the games over the internet.

Sign up to our free newsletter.
Security news, advice, and tips.

Well, good luck with that.

Because, Agon – the organisers of the Candidates Tournament – astonished the chess community when it announced that not only the video footage but also the actual chess moves played in the games will be available exclusively on its website WorldChess.com (and Norwegian TV channel NRK):

All video footage as well as the moves from each game will be shown exclusively at WorldChess.com and by approved broadcast partners in certain countries.

This is a substantial change from the way chess has been broadcasted. Previously it was common practice that all websites were able to receive moves without broadcast limitations, resulting in a diffusion of major tournaments’ audiences and sponsorship values.

The move is designed to enhance and safeguard the viewing experience for chess fans and to protect the commercial future of World Championship events.

Chess websites like chessdom.com are up in arms over the decision, and have been reporting on the reaction from disgruntled chess fans worldwide.

So, your only chance of legally following the games it seems, is to visit the worldchess.com website.

But there’s a problem. According to the World Chess Candidates Twitter account, the site is suffering from a denial-of-service attack.

Chess tweet

Chess players didn’t seem terribly sympathetic in their response to the news of the website’s woe.

No sympathy

Sure enough, when I tried to watch a live match, I was greeted by a disappointing error message rather than a Berlin Defence.

Oh dear

Oh dear. That’s not going to impress the event’s sponsors very much.

PS. If you want to challenge me to a game of chess, I’m gcluley on chess.com. Be gentle with me.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

7 comments on “Controversial world chess tournament website struck by denial-of-service attack”

  1. RichardL

    It is unfortunate that corporate greed is spoiling this great event. The online interface lacks some key features that chess fans will miss e.g. move list, engine analysis (not that silly little graph).

  2. drsolly

    How do they know it's a DOS attack and not just a case of too many chess nuts crowding into the same foyer?

    1. Bob · in reply to drsolly

      You can normally detect DDOS by the IP ranges involved, heuristic analysis, access patterns, country of origin, client accessing site plus many other identifiers. On there own each element wouldn't be suspicious but put together it is generally obvious that you're being attacked.

      You'd also think that they'd have allocated more than enough bandwidth for genuine chess fans but they've been swamped by a DDOS.

      1. coyote · in reply to Bob

        Something tells me the Doctor wasn't entirely serious.

        But even if he was, without the actual evidence it's hard to say it is a DoS or a DDoS attack or anything else.

        Another possibility: they made a terrible mistake and they shifted the blame. I grant you that the max. number of clients reached does make an attack a plausible explanation but let's be honest… the old octopus exploit could manage this (that is, too many connections reached) by itself. It doesn't require much bandwidth to pull that off, does it? Then you have e.g. sloworis as another low bandwidth attack. There are others which might or might not be applicable (and no, I'm not suggesting any of these are actually being used).

  3. coyote

    'PS. If you want to challenge me to a game of chess, I'm gcluley on chess.com. Be gentle with me.'

    Do you not consider yourself good, then ? I would say I used to be decent (though certainly not even close to competition level) but I've not really played in such a long time.. otherwise I'd consider it. I just don't have anyone to play with and it's such a low priority that I don't try to improve.

  4. Stanza

    They are hosting on Amazon, which should be relatively DDoS proof if configured correctly.

  5. Ivanov

    When you have the morons at FIDE making the deals, It is doomed to failure. FIDE has never done anything right ever, Now they just added insult to injury is ruining the game even future. Lack of advertisement is a key issue in preserving the game yet FIDE does none. Broadcasting the games so kids around the world can watch and learn was not done either. These idiots at FIDE have set the game back to what it was before my good friend who passed away Bobby FIscher put the game on display for the world to see.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.