Gangs Extort Companies With DDoS Attacks
Pcol writes "The Financial Times reports that gangs based in Eastern Europe have been launching attacks on corporate networks costing the companies millions of dollars in lost business and exposing them to blackmail. Sites have been asked to pay up to ensure they are free from Distributed Denial of Service attacks for a year. One detective reported, 'If the demand comes in for $40,000-50,000, compared to the losses they're suffering, there's an attraction for the companies to pay and hope it goes away. But there's nothing to say it will go away.'"
Firstly, I'm surprised it took this long for something like this to happen. Though I suspect it's been happening for a while. Organized crime has always been ready to utilize new technology in the pursuit of money / power.
Secondly, how is this different from some company installing spyware/nagware that's not uninstallable and then sending you email asking you to pay 20 bucks for a utility that'll "remove" their piece of software?
Yes Francis, the world has gone crazy.
I've never understood why operations like this are so hard to track down. If you give them $40,000 that creates a financial paper trail that is traceable! The same thing with spam: if it is illegal spam and they ask you for money, at some point the money has to go somewhere. Why do the feds have such a hard time connecting the dots on cases like this? I'm sure there is something I'm missing, so someone please inform me.
I'm shocked something like this is only coming up now. It's probably happened in the past and we haven't heard about it, but really, these companies are GIGANTIC targets, with deep pockets, and the attackers are not two sleazy toughs with baseball bats, but skilled(?) crackers, who can remain anonymous and protect themselves from the law enforcement efforts provided to those with deep pockets. Still though, they run the risk of bringing the law down on DDoS'ers the world over. SPEWS etc. are being DDoS'd and don't have the financial backing to bring the law into it; if law enforcement tracks these guys down, they may extend into anyone doing DDoS's like this. And finally, we could just blame everything on the spammers.
So how do you protect yourself from a DDOS attack? Are there any closed-source or open-source products that can do it? I've seen "network appliances" that claim to protect you, but I haven't read any reviews.
The primary targets appear to be gambling sites.
Why is it whenever the mob is involved, their first targets are gambling sites? Next thing it will be online porn and pharmaceuticals.
Actually, I think a liability that follows the money would actually be a good idea, for the free software community too. Think about it, companies like Red Hat would actually have a real product -- the warranty -- they would sell a warranty that their products are performing as advertized. They would earn more money and need to hire more people to audit code, resulting in more jobs and better code. And since we all know that free software is better than proprietary, well, we would be the winners!
You could consider, to some extent, a good slashdotting as a form of DDOS... so I suppose it depends on how you are getting DDOS'ed. There are ways to stop a slashdotting, and also to stop certain forms of DDOS attacks.
Of course, the other solution is to employ somebody to track down the buggers doing the DDOS'ing....
Wait a tic...
The extortionists want around $40-50K per year, and you think it'd be cheaper to hire consultant(s) or more/better sysadmins instead?
Who do you work for, again? I'd like to know where not to ever send my resume.
As for the outsourcing some companies have been doing: you let some Ukrainian company design software for integral parts of your organisation's business and later get screwed by some thugs blackmailing you. Well, this is one of those cases where maybe you should have paid a little more to hire domestic programmers who come from a less thugocratic society.
Saving a buck has its limits!
From random IPs?
If a router were able to know that both the source and destination IP address lay within a given logical area on the network, maybe it should reject packets that come from the source IP, but from outside the area defined by the source and destination. This would require the router to be on the border of that region, however.
I suppose IPSec does that sort of thing automatically.
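The idea in the post above (a border router rejecting packets whose source address does not belong to the region behind it) is what is usually called ingress/egress filtering, or BCP 38. The following is an added illustration, not code from the thread or from any router vendor; the prefixes and packet list are constructed, and the two decision functions are hypothetical names chosen for the example.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed topology: the prefixes the border router knows to lie "inside"
# the region it guards. A packet leaving the region must carry a source from
# one of these prefixes; a packet entering the region must NOT claim one.
# (Hypothetical documentation-range values, not a real deployment.)
INSIDE_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def is_inside(addr: str, prefixes=INSIDE_PREFIXES) -> bool:
    """True if addr belongs to one of the region's assigned prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def egress_decision(src: str, dst: str) -> str:
    """Packet travelling from inside the region towards the outside world.

    If the source is not one of our prefixes, a host behind us is forging
    its address, so the packet is dropped at the border instead of being
    forwarded to the victim."""
    if not is_inside(src):
        return "drop: source outside region (spoofed)"
    if is_inside(dst):
        return "drop: destination is inside, should not leave the region"
    return "forward"


def ingress_decision(src: str, dst: str) -> str:
    """Packet arriving from the outside world into the region.

    Nobody outside the border can legitimately use one of our source
    addresses, so such a packet is spoofed and dropped."""
    if is_inside(src):
        return "drop: outside packet claims an inside source"
    if not is_inside(dst):
        return "drop: destination is not ours, not a transit router"
    return "forward"


def filter_packets(packets: List[Tuple[str, str, str]]) -> Dict[str, int]:
    """Run a constructed list of (direction, src, dst) through the filter and
    return how many packets were forwarded versus dropped."""
    counts = {"forward": 0, "drop": 0}
    for direction, src, dst in packets:
        verdict = egress_decision(src, dst) if direction == "egress" else ingress_decision(src, dst)
        counts["forward" if verdict == "forward" else "drop"] += 1
    return counts


# Constructed sample traffic, labelled by the direction it crosses the border.
SAMPLE_PACKETS = [
    ("egress", "192.0.2.10", "203.0.113.5"),      # legitimate outbound
    ("egress", "10.9.8.7", "203.0.113.5"),        # inside host forging a source
    ("egress", "203.0.113.9", "203.0.113.5"),     # inside host forging a source
    ("ingress", "203.0.113.5", "192.0.2.10"),     # legitimate inbound reply
    ("ingress", "198.51.100.3", "192.0.2.10"),    # outsider claiming our address
]

if __name__ == "__main__":
    for direction, src, dst in SAMPLE_PACKETS:
        fn = egress_decision if direction == "egress" else ingress_decision
        print(f"{direction:7} {src:>14} -> {dst:<14} {fn(src, dst)}")
    print(filter_packets(SAMPLE_PACKETS))
```

The caveat a defender should keep in mind: this filter only stops a host from forging addresses outside the prefixes of the network it sits in, so a bot can still spoof any address within its own /24, and the filter has to be deployed at the edges near the attackers (at their ISPs), not at the victim, to do any good against a flood. That is why the advice elsewhere in this thread is that blocking has to happen at the ISP level.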
For some time I've pondered the ways to stop DDoS.
Couldn't you write a program that scans each incoming packet and keeps statistics? Won't DDoS packets come far more frequently from a given source?
Is there a way to avoid spoofed packets by making sure you can reply to the source first? Shouldn't current protocols be designed to avoid spoofing? Or is it more fundamental (e.g. spoofing must be solved at a lower layer in the networking model)?
Where are the machines these attacks originate from located? Can't we get their ISPs to get rid of them, or ban ISPs that are known to be bad?
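To show what the per-source statistics suggested in the post above can and cannot see, here is an added example (not code from the thread) of a sliding-window packet-rate monitor run over constructed traffic. It keeps a per-source count and an aggregate count; the first scenario is one chatty bot, the second is a flood whose source addresses are spoofed at random. The thresholds, window, class name and address values are all assumptions chosen for the illustration.

```python
from collections import defaultdict, deque
from typing import List, Set, Tuple

WINDOW = 1.0           # seconds of history kept per source (assumed)
PER_SOURCE_LIMIT = 50  # packets per window from one source before flagging it
AGGREGATE_LIMIT = 500  # total packets per window before declaring a flood


class RateMonitor:
    """Counts packets per source and in total over a sliding time window."""

    def __init__(self, window=WINDOW, per_source=PER_SOURCE_LIMIT, aggregate=AGGREGATE_LIMIT):
        self.window = window
        self.per_source = per_source
        self.aggregate = aggregate
        self.per_src = defaultdict(deque)  # src -> timestamps inside the window
        self.all = deque()                 # every timestamp inside the window
        self.flagged: Set[str] = set()     # sources that exceeded the per-source limit
        self.flood = False                 # aggregate limit exceeded at some point

    def _expire(self, now: float) -> None:
        """Drop timestamps older than the window so counts stay current."""
        cutoff = now - self.window
        while self.all and self.all[0] < cutoff:
            self.all.popleft()
        for src in list(self.per_src):
            q = self.per_src[src]
            while q and q[0] < cutoff:
                q.popleft()
            if not q:
                del self.per_src[src]

    def observe(self, ts: float, src: str) -> None:
        """Record one packet with timestamp ts (seconds) from source src."""
        self._expire(ts)
        self.per_src[src].append(ts)
        self.all.append(ts)
        if len(self.per_src[src]) > self.per_source:
            self.flagged.add(src)
        if len(self.all) > self.aggregate:
            self.flood = True


def run_scenario(packets: List[Tuple[float, str]]) -> Tuple[Set[str], bool]:
    """Feed (timestamp, source) records in time order; return (flagged sources, flood?)."""
    mon = RateMonitor()
    for ts, src in sorted(packets):
        mon.observe(ts, src)
    return mon.flagged, mon.flood


def background_traffic() -> List[Tuple[float, str]]:
    """Constructed: 20 ordinary clients, 5 packets each, spread over ~0.9 s."""
    return [(i * 0.009, f"192.0.2.{1 + i % 20}") for i in range(100)]


def scenario_single_bot() -> List[Tuple[float, str]]:
    """Constructed: background plus one real host sending 200 packets in 0.8 s."""
    return background_traffic() + [(j * 0.004, "198.51.100.7") for j in range(200)]


def scenario_spoofed_flood() -> List[Tuple[float, str]]:
    """Constructed: background plus 600 packets, each with a different forged source."""
    forged = [(k * 0.0015, f"10.{k // 256}.{k % 256}.1") for k in range(600)]
    return background_traffic() + forged


if __name__ == "__main__":
    for name, scenario in (("single bot", scenario_single_bot),
                           ("spoofed flood", scenario_spoofed_flood)):
        flagged, flood = run_scenario(scenario())
        print(f"{name}: flagged={sorted(flagged)} flood={flood}")
```

In the first scenario the per-source statistic works: the bot is flagged and the aggregate stays below the flood line. In the second, no single forged source ever crosses the per-source limit, so the only signal left is the aggregate rate, which tells you a flood is under way but gives you nothing to block. That is the practical answer to the spoofing question in the post: per-source counting at the victim cannot attribute a spoofed flood, which is why the fix has to be made upstream, at the networks the packets really come from.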
...the targets need not be large companies with high-profile Websites. My small (5 person) company is just now recovering from a DDOS attack against the DNS server used by our ISP; as of yesterday evening, they were getting repeated hits from at least 15,000 zombies. Our email and our Website were completely inaccessible for about 24 hours, and many other DNS customers will have suffered similarly. Various changes in server IP address etc. seem to have fixed the problem for now. The advice from the DNS server people is to use at least two independent DNS services in future. It must hurt to have to tell customers, in effect, to do business with your competitors to ensure service.
There's two kinds of protection:
One kind is the low-level "Pay me or I wreck shit". In this model, you don't actually get "protection" from anyone else, just the people you paid don't arbitrarily wreck your stuff. If some third party decides to play rough, the people you're paying protection to generally don't care, unless it threatens their protection money (ie, driving a store owner completely out of business).
The more sophisticated kind of protection generally involves paying someone so that you can operate without interference. Generally this involves handing over a percentage of the operations as a tithe or tribute (and in fact among the Italian mafia, it is a historical descendant of the practice of conquered peoples paying tributes to Roman officials). In this case, since the payment is generally dependent on the successful completion of whatever the protected activity is, you'd be more likely to get muscle applied in your favor to keep rivals away. But even then there may be extra money associated with hiring muscle, and often it is an artificial ruse used to obtain larger tributes. (In an episode of the Sopranos, Tony uses a black political agitator to get more tribute out of a construction business that is already paying tribute. He then "breaks up" the black's protest and later splits the take with the black's leaders.)
Another way to look at it...
If a company makes windows without locks can you sue because your house was so easy to break into? Or better yet, can you sue them cause it was so easy to break into your house to rack up long distance charges on your phone? Who the heck was calling Eastern Europe from this number?
If you have to ask, then you are not a whitehat :)
There are several techniques; most of them involve identifying a "connection fingerprint" and blocking it at the ISP level.
An analogy might be... if I left a gun unattended just by my front door, and a would-be murderer pushed my door open and took it, maybe I would share some small part of the responsibility for his future crimes. I'd certainly feel some sense of guilt...
If Joe's getting stung, he's going to shout at his vendor -> his vendor is going to shout at his manufacturer -> his manufacturer is going to shout at the people who set up his OS, and left in lots of vulnerabilities in there along with an insecure default setup. At the very least, Joe is going to make sure he tells all of his Joe pals not to leave their machines with always on connections and no security patches.
I know Joe is a victim too, but maybe we need to be a little more pragmatic about how we can reduce the growing problem of DDoS attacks. Individual Joes are a lot easier to track down and scare than the Russian mob.
Or they set up a few fake auctions on eBay with stolen credit card numbers. The company uses "buy it now" (this launders the money) and the money is transferred electronically into a stolen or shady account.
Rate limiting SYN packets is one answer, but you can DDOS someone just with HTTP GETs if you have enough machines. Just ask a recent /. effect victim.
The other thing is to just follow the money. This is where the FBI come in. It is *very* difficult now to make a transfer of more than a few thousand dollars through the banking system anonymously. Ironically, the only ways that work are the informal methods used by overseas workers (and Al Qaeda) to send cash home.