Taking on an Online Extortionist
An anonymous reader writes "When an online extortionist comes a-knocking, threatening a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of business. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
"We will fight them in the CAT5, on the routers, in the packets. We will never surrender"
:)
Or however he said it
I enjoy large posteriors and I cannot prevaricate.
Was his name Roland Piquepaille?
Don't respond. They'll think you didn't see their email.
Very long but very interesting. Glad to see they caught some of them. They mentioned a hacked ICQ account... That just seemed odd to me since ICQ accounts are free... Anyone know what they were talking about?
There exists some positive integer N that you are the Nth person to read this signature.
And then get to see the out dated WSJ articles!
This sig has been removed pending an investigation.
"They threw everything they had at us. I was just in shock."
I guess that includes getting a mention on Slashdot?
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
Seems kinda brutal to hit them with another DDOS.
Slashdot's name? When my compiler sees
gambling on ddos
Or maybe it was planned this way. Nothing says offline like a link from slashdot.
It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.
John
Why don't they just send them Russian mail-order brides?
Presumably, they will give you some way to pay them (else what is the point?). Point the cops and or feds at that contact, and see what happens.
Extortion is extortion, be it physical or bandwidth.
If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.
Mirror here.
First time those 2 go hand in hand....
Any guest worker system is indistinguishable from indentured servitude.
Is anyone else revelling in the hilarious irony that the site about surviving a DDoS attack has been Slashdotted? Or is that just me?
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.
Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/. We had someone start a Smurf attack from the Con, targeting our inbound T3's. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think; he only spoke German, IIRC). The look on his face was priceless. Oh, did I mention that I, and everyone else at the company, carry Glock 19's? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)
An online wallet inspector demanded I send him my billfold posthaste. I never got it back. Be forewarned.
It's not that hard; if the banks obstruct, then sue them as well.
Did anyone read this as Online Exorcist???
Or maybe 0wnline extortionist...
how long until
Find out where they live and call their mom.
ya ... riveting ... uhuh
"Never... have so few... been pinged so much, by so many, zombified by so few..."
I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally.
But how does slashdot itself cope with the high traffic?
So much for the article.
Extorting a gambling site? That strikes me as a LLM (life limiting move, c.f. career limiting move).
Many gambling sites still have connections to, shall we say, respectable businessmen of the Italian or Asian persuasion, who are used to handling such matters extra-legally.
You might just wake up one day with your computer's monitor (cables severed with an ax) in bed with you.
Or Guido and Nunzio standing over you, giving you tips on the finer points of extortion while they wait for the concrete to set.
www.eFax.com are spammers
I wonder who at CSO Magazine pissed off the Slashdot editors?
welcome our Windows zombie machines overlords. (food for thought).
Everybody else having problems getting to the site? Even the mirror doesn't work, this is annoying.
Some ISPs are doing customer-level ingress filtering -- e.g. if the "other end" of the cable modem gets a packet whose src address is not that of the cable modem, drop it on the floor, it's forged.
The ease of infecting home XP systems remotely means you sometimes find teenagers with tens of thousands of zombie computers at their control. They can sell them to spammers, too.
The ease of doing massive DDoS attacks is why I stopped running an IRC server, and also stopped a research project I was doing related to inter-protocol messaging. It wasn't worth the hassle.
Fighting back is hard if you don't know who to fight, but in the case of extortion, (1) document everything on paper, (2) keep timestamped printed IRC logs of all conversations, and full email printouts; (3) ask some other people to print copies of their IRC logs when appropriate. Then contact the RCMP (or if you are in the USA, the FBI, but in the USA you need to show financial damage of $5,000 or more). Don't wait until it's all over before contacting them.
Good luck!
Liam
Live barefoot!
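The customer-level ingress filtering described in the comment above, as an added example that is not part of the original post: a per-port table of assigned prefixes, a forward/drop decision for each arriving packet, and a per-port count of forged packets that points at the customer host most likely to be a zombie. The port names, prefixes and packets are constructed.

```python
"""Customer-edge ingress (anti-spoofing) filtering: a packet arriving on a
customer's access port whose source address was not assigned to that port is
forged, so it is dropped. Added example; port names and prefixes are constructed."""
import ipaddress
from collections import Counter

# Constructed assignment table: the source prefixes each access port (a cable
# modem, say) is allowed to originate. A real ISP derives this from DHCP
# leases and static assignments; this is the BCP 38 ingress-filtering idea.
ASSIGNMENTS = {
    "cm-0001": [ipaddress.ip_network("203.0.113.10/32")],
    "cm-0002": [ipaddress.ip_network("203.0.113.20/32"),
                ipaddress.ip_network("2001:db8:2::/64")],
    "cm-0003": [ipaddress.ip_network("203.0.113.30/32")],
}


def ingress_decision(port, src):
    """Return 'forward' if src is assigned to the port, else 'drop-spoofed'.
    Unknown ports and unparsable addresses are dropped too (fail closed)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-spoofed"
    for net in ASSIGNMENTS.get(port, []):
        if addr.version == net.version and addr in net:
            return "forward"
    return "drop-spoofed"


def spoof_report(packets):
    """Count dropped (spoofed) packets per port. A port with many drops is a
    likely compromised host to disconnect or contact, which is the detection
    value of filtering at the customer edge rather than at the core."""
    counts = Counter()
    for port, src in packets:
        if ingress_decision(port, src) == "drop-spoofed":
            counts[port] += 1
    return dict(counts)


# Constructed sample: honest packets from each port, plus a burst of forged
# sources from cm-0003, the pattern a zombie in a spoofed-source flood shows.
SAMPLE_PACKETS = [
    ("cm-0001", "203.0.113.10"),
    ("cm-0002", "2001:db8:2::1"),
    ("cm-0002", "203.0.113.20"),
    ("cm-0003", "203.0.113.30"),
    ("cm-0003", "198.51.100.7"),
    ("cm-0003", "192.0.2.99"),
    ("cm-0003", "10.0.0.1"),
    ("cm-0001", "2001:db8:2::1"),   # v6 address that belongs to cm-0002, not cm-0001
]

if __name__ == "__main__":
    for port, src in SAMPLE_PACKETS:
        print(port, src, ingress_decision(port, src))
    print(spoof_report(SAMPLE_PACKETS))
```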
free engravings/woodcuts
I don't know why. I have been reading everything wrong lately.
Here are the federal extortion laws. Wouldn't the FBI get involved if there is proof of extortion? Can't the attackers be caught easily when trying to cash in?
I wonder if some sort of class-action suit wouldn't be appropriate against the vendors of software which allows computers to become zombies?
...today the hosts of Slashdot.org, an everything geek website, was accused of causing a DDoS on an online magazine's website. It seems that for several hours the site was unavailable as a result. Site owners of Slashdot.org refused to comment as the zombies they were using had no choice but to hit the link to the downed web site time and again.
"How CSO Online took on Slashdot... and LOST."
I'm glad that somebody's standing up to the jerk though... people who do stuff like that are wasting perfectly good matter.
Windows isn't the answer... it's the question. NO is the answer!
Remember the "tactile digital assistant" that was tied to a French company that wanted a rather large sum of money to send you one? Remember how Roland was all hip about the product and did everything to spam his blog on Slashdot to promote it?
Who got their TDA? No one.
Anyone who supports Roland is supporting a scam and possibly organized crime.
The thing with these DoS extortionists is that unlike the mafia or other groups they do not protect you from other extortionists. If you pay them they can stop their attack, but if someone else tries to attack you they cannot do anything.
mirrordot is hosted at puregig internet, the same puregig internet referenced in the article. pg is also home to easynews
pg is an awesome provider. super fat pipes, excellent uptime, and *very* smart people. they're my uplink for home. sure, they're not the cheapest hosting or service provider out there, but they are completely worth it
vodka, straight up, thank you!
Am I the only one who was sitting on the edge of my seat while reading the battlefield analogy? This is unexplored movie territory with some great potential. "Behind CAT5 Lines"
This is an appeal to network admins working at ISPs, whether large or small. You have a responsibility to make sure that spam/attack zombies don't exist on your networks. These days it's a trivial task to check to make sure you're not part of the problem. This can be scripted so that you receive periodic reports of problem hosts on your system, which you can then firewall, disconnect, or restrict access to.
There are so many blacklists these days, so just use rsync to grab fresh copies of AHBL, CBL, DSBL, SORBS, whatever. Then run through grepcidr to see if any IPs from your network(s) are on the blacklists. So easy, and you'll be protecting both yourself and others from malicious zombies.
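The cross-check described in the comment above (your own prefixes against freshly fetched blacklist dumps, the grepcidr step), as an added example that is not part of the original post or of any listed blacklist: it parses the common dump line formats, reports matches per list, and flags a listed block that covers one of your pools, not only single listed hosts. The prefixes and dump contents are constructed; the files themselves would come from whatever rsync or export each list operator offers.

```python
"""Find which of our addresses appear on downloaded DNSBL/blacklist dumps.
Added example; OUR_NETWORKS and BLACKLIST_DUMPS are constructed sample data."""
import ipaddress
import re
from collections import defaultdict

# Constructed: the address space this ISP is responsible for.
OUR_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/25")]

# Constructed dumps in the line formats such lists commonly use: bare IPs,
# CIDR blocks, trailing comments, blank and comment lines, the odd junk line.
BLACKLIST_DUMPS = {
    "cbl.txt": "\n".join([
        "# CBL export (constructed)",
        "203.0.113.45",
        "203.0.113.77  # open proxy",
        "192.0.2.14",
        "",
    ]),
    "sorbs.txt": "\n".join([
        "198.51.100.0/26 ; dynamic pool",
        "203.0.113.45",
        "2001:db8::1",
        "garbage line",
    ]),
}

_ENTRY_RE = re.compile(r"^\s*([0-9a-fA-F:.]+(?:/\d{1,3})?)")


def parse_entry(line):
    """Return an ip_network for one dump line, or None for comments/junk."""
    if not line.strip() or line.lstrip().startswith(("#", ";")):
        return None
    m = _ENTRY_RE.match(line)
    if not m:
        return None
    try:
        return ipaddress.ip_network(m.group(1), strict=False)
    except ValueError:
        return None


def find_listed(our_networks, dumps):
    """Map our prefix -> {list name: [entries]} for entries overlapping it.
    An entry counts if it lies inside one of our prefixes OR is a block that
    covers one of them (a whole pool listed because of a few bad hosts)."""
    hits = defaultdict(lambda: defaultdict(list))
    for name, text in dumps.items():
        for line in text.splitlines():
            entry = parse_entry(line)
            if entry is None:
                continue
            for net in our_networks:
                if entry.version != net.version:
                    continue
                if entry.subnet_of(net) or net.subnet_of(entry):
                    hits[str(net)][name].append(str(entry))
    return {n: dict(lists) for n, lists in hits.items()}


def hosts_to_review(hits):
    """Flatten the report to a sorted list of listed entries: the input to the
    firewall / disconnect / notify step the comment describes."""
    out = set()
    for lists in hits.values():
        for entries in lists.values():
            out.update(entries)
    return sorted(out, key=lambda e: ipaddress.ip_network(e))


if __name__ == "__main__":
    report = find_listed(OUR_NETWORKS, BLACKLIST_DUMPS)
    for net, lists in report.items():
        for lst, entries in lists.items():
            print(f"{net}: {len(entries)} on {lst}: {', '.join(entries)}")
    print("review:", hosts_to_review(report))
```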
Okay, I first read that as "Online Exorcist." I'm thinking, how does THAT work? TO: Satan@littlegirlshead.com
From: Father Mayai (Yes, you may!)
Subject: Notice of Eviction
Mirror
As disgusting as it is to hear about "online extortionists", I prefer them to the rl extortionists. The former might direct an army of zombies at your servers and ddos the hell out of them. But the latter direct a gang of hoodlums at you to make your knees deny their service.
Too bad that we now have both and that the online guys aren't replacing the rl ones.
It's like a battlefield out there! It seems like these extortionists had it (have it?) pretty easy, preying on companies who might not be able to defend themselves or afford the people who could help them...
http://tech-hawg.blogspot.com
We will fight them with Good Advertising, Meaningless Propaganda, and silly overarching statements. We will fight them with astroturf and BS, and make piles of money off of people who aren't as good at watching for ad-embedded storytelling as we are.
My little site.
... Since one can always submit some bogus article to /. and have a true fully distributed attack without any fear of consequences for yourself. :)
is a fine
If I were to threaten a company with a DDoS attack, and they actually paid, what's to stop me from just doing it to the same company the next week? Maybe work out a payment plan, for $500/week and I don't attack you? Then I tell my buddies that some website pays for DDoS prevention, and they try to extort too...
But I have a solution:
Pay with Western Union money orders.
Dane-geld
:)
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:--
"We invaded you last night--we are quite prepared to fight,
Unless you pay us cash to go away."
And that is called asking for Dane-geld,
And the people who ask it explain
That you've only to pay 'em the Dane-geld
And then you'll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:--
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:--
"We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!"
- Rudyard Kipling
Anyone willing to try their hand at "updating" this to fit online extortion? This could be lots of fun
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Including, apparently, a good slashdotting.
site down
Just tell a company that if they don't pay you, you'll have their site Slashdotted!
Works for every other damn site.
GET FREE APPLE STUFF!
I wonder, if something like this happened, if an offshore company could cut a quick deal with an American company to steer some traffic to an American server to get the FBI involved. I don't know what the legal ramifications would be since it's an offshore gambling site and all. ... damn, their server is running slow. Maybe it's being DDOSed. Not enough posts yet to be slashdotted.
___
It's the end of my comment as I know it and I feel fine.
And Rudyard Kipling wrote about it best.
How a Bookmaker
and a Whiz Kid
Took On an Extortionist --
and Won
Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.
CSO Magazine
May 2005
By Scott Berinato
Saturday, Nov. 22, 2003, 7:57 a.m.
Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans (and others around the world) without concern for U.S. bookmaking laws. Richardson received the e-mail just as he and his competitors were preparing for the year's busiest wagering season. With pro and college football, pro and college basketball and other sports in full swing, and with Thanksgiving and Christmas about to create plenty of free time, BetCris and the others stood to rake in millions over the holidays. Richardson was even planning an advertising blitz for the season to drive new traffic to his site.
If BetCris went down, he knew his customers would find another online bookie, "which will cost you tens of thousands of dollars in lost wagers and customers," the extortionists reminded him.
Despite all that, the e-mail didn't have the fearsome effect on Richardson that the extortionists hoped it would. He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
As a precaution, Richardson alerted his ISP, but essentially, he says, "We kind of fluffed it off." The veteran bookmaker didn't panic because, in fact, he had dealt with online extortionists before. Two years earlier, hackers crashed BetCris.com with a denial-of-service (DoS) attack, and then demanded by e-mail a $500 protection fee in eGold (an online form of trading bullion). Richardson paid without a second thought. Compared to downtime, $500 was trivial.
That first attack got his attention, though. Richardson consulted another industry veteran who confessed to having a similar problem, and who told Richardson to call a consultant named Barrett Lyon in Sacramento, Calif. Lyon didn't come to BetCris's offices--he had no interest in baby-sitting infrastructure in Costa Rica--but he did recommend some off-the-shelf products that had recently been developed specifically to fight DoS attacks. Lyon thought (actually he hoped) that he'd never hear from them again. Richardson and Lebumfacil were confident they had protected themselves.
When the attack finally came on that Saturday in November, sometime after that first e-mail but before 11:30 a.m., BetCris crashed hard. The off-the-shelf products Lyon had recommended survived less than 10 minutes. BetCris's ISP crashed, and then the ISP for BetCris's ISP crashed. Richardson ran to the IT department, where Lebumfacil was watching the biggest DoS attack he'd ever seen. He remembers feeling sick to his stomach.
At 1:03 p.m., another e-mail arrived. "I guess you have decided to fight instead of making a deal. We thought you were smart.... You have 1 hour to make a deal today or it will cost you $50K to make a deal on Sunday." Then they knocked BetCris.com offline again.
The Extortion Problem
We know this about online extortion: It happens. Evidence of its prevalence or damage is speculative and anecdotal but useful nonetheless in guiding CSOs to understand the nature of the crime. Anecdotally, experts from law enforcement and information security consultants believe that perhaps one in 1
I, for one, welcome our new Antichrist overlord.
Trolltalk is currently under a crapflood attack by an angry script kiddie who is upset that cracky-chan's encyclopedia dramatica entry was vandalized by people on trolltalk. He is demanding that the changes be reverted. We cannot give in to crapflooders but the crapflood has made the sid impossible to use. We need your help. I never thought that IP bans were good for anybody until this happened. Please go into trolltalk and use your modpoints to mod down the crapflooder until his ip is banned.
We need to mirror them as well, they just got slashdotted. (oops..)
:)
I thought that was the point of having mirrordot
I coallated all the dupes into one!
this is the most epic and action-packed article i have ever read.
www.gaian-mind.org - eco-punk/crust coop and collective | www.anarchistfederation.org - so cal anarchist federation
Makes you look less geeky.
I'm not tense. I'm just terribly, terribly, alert.
Is it just me, or is the author none-too-subtly suggesting at the end of what seems a pretty flattering article that the one who engineered the defence is in collusion with the extortionists, and that paying him for help is essentially paying a protection fee? The turnabout in tone is so abrupt it seems like the last few paragraphs were written by a different person.
The only thing I'm reminded of is the telling of a guy who sought palindrome ICQ account numbers with email addresses from XS4ALL assigned to them, of which the email accounts had expired. Apparently he found a few, and through XS4ALL, he would re-create these expired email accounts, then have the old password sent to him. A weird collectible, and probably not the story you were looking for. :-)
Take off every 'ZIG' !!
God knows your /. ID is low enough that it might be true.
Watch it with the age slurs there, sonny. That could get ... dangerous. :)
I especially liked the ending. Finally a legal criminal that really delivers :P
Don't bother - it summarizes Shining Hero Californian defeats Evil Russian DDOS attacker. By the time I had finished reading the article, all my 'this is all complete BS and astroturf' posts were ignored.... Sure, this is impressive. Sure, it's nice that he might have done these things. However, this is more an epic story / advertisement than actual information or news.... This looks like a bunch of unbacked and unsupportable drivel to me. Who on earth bothers hacking an ICQ account? These vicious scary uber-powerful Russians with 10,000 + computers at their fingertips that can knock out even online gambling sites... Pay this man, and he will not only make them go away, but have them arrested in their dark, shabby apartments in the middle of freezing St. Petersburg.
My little site.
It just occurred to me that when one company pays, that just provides additional resources to the extortionists. Could that be considered a crime? Providing financial support to a criminal enterprise or some such? If a competitor has paid and then they come for you, can you sue your competitor? I know, I know, nobody tells when they pay, but in principle could it be treated this way?
did anyone else notice that this is a november 2003 article?
PAY, although this may damage your ego.
The initial cash demands were a few thousand dollars. Too bad if you have to pay that.
In the end he lost revenue worth many times this amount, including the initial demanded amount EACH YEAR, but excluding revenue losses due to the downtime and lost customers.
I'm not sure if a great story would all be worth that. On the other hand it's nice to finally see a good solution.
That's not always possible when Slashdot has linked to something, as in this case. Still looking for a mirror to RTFA. :(
Starting Feb 2004, my site was hit by a powerful DDoS attack. It knocked out my web server and it nearly took out my web host's switch in the data center. I never got any demands or letters or figured out who caused it.
Anonymizer.net tried to help me by putting my domain behind a series of rotating proxy servers. Their whole network crashed after 6 hours and they had to stop helping me.
Finally my web host hit on the right idea. I set up a half dozen virtual private servers (VPS) at Globalservers.com (same company that hosts about.com and freeservers) and my host installed a proxy server on each one called twhttpd and set them all to route traffic to and from my web server at his data center.
Then I set up an account at ZoneEdit and added all the IPs for the proxy servers with a failover system. Every time the bastards knocked out one of the proxy servers, ZoneEdit would detect that the server was borked and switch to another one. With the load reduced, the dead proxy came back on its own a few minutes later.
After about 6 months of this, they finally gave up and I won.
Only on
mirrordot opened just fine when I checked it.
Hi
I just wanted to point out the fact that eFax are NOT spammers. Your sig is factually incorrect. eFax is a company that translates faxes into emails with the .efx attachment. It then emails these to you. If you receive a lot of junk faxes, they may appear as emails. Since there is no way to prevent junk faxes, it is probably likely this is what you are experiencing.
eFax.com are legitimate business professionals who we use every day. As the CEO of a Fortune 500 company I can say, without a smidgen of doubt, that eFax are most definitely NOT spammers.
Cheers
Is a good thing. It means that you understand, if you read critically, that TFA is little more than a good story and a good snow-job.
So,
I'm trying to read the article and that is giving me another "business idea".
"Give me $10 000 or I'll submit an article to Slashdot with a link to your web site".
Distributed Denial of Service!
The Internet is full. Go Away!!!
Dang, the page is borked. How much does Slashdot charge to NOT put links out to?
What the matter? 3Gb are just around 350MB, I download that daily. Oh wait, you meant 3Gb per second?
As if technical incompetence wasn't bad enough. What's the next step? "Threatining" "buisnesses" with bad spelling all day?
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
as in really old news, as in last year old news. I wish I had the /. link.
I mod down so you can mod up. You're welcome.
Page is unavailable already.
RHCE; are you certified? Karma: ambiguous.
Over 200 comments and only a handful seem to suggest that Windows insecurities play a big role in these incidents? I'd love to see some numbers from Prolexic about how many of the zombies they've discovered are unpatched Windows boxes sitting on cable modems and DSL lines. To be fair, yes, it may very well include some buggy Linux boxes also. We all know which OS is really targeted the most, though.
When are governments going to step in and start placing reasonable requirements for software security? When are they going to start punishing the companies that ship the buggy software that is entirely responsible for the existence of the online extortionist industry?
Fix bugs, no zombies.
No zombies, no botnet.
No botnet, no DDoS.
No DDoS, no extortion.
It seems pretty obvious that the extortionist would have been far better off threatening to Slashdot them if they didn't pay...the most effective DDoS method known to man!
"Apparatus dignosco occultus, satis non supernus."
Pretty neat post.
What's really strange is that when I first looked at your post, it was modded up to +5. Now it's only +3, with some "overrated" and "flamebait" attributes.
It sure seems like someone with mod points took issue with what you said, even though I do not consider your post to be flamebait in the least.
They're probably thinking they're getting DDos'd, I wonder if anyone warned them about getting /.'d
"God will roast their hard-drives in hell at the hands of SysAdmins."
"We defeated them yesterday. God willing, I will provide you with more information. I swear by God, I swear by God, those hackers who are staying in Russia have thrown these zombie PCs in a crematorium."
providing they leave his very important and highly secure network alone (oh, its address? 127.0.0.1)
And that's why firecrackers and kittens don't mix.
How about if the extortion proceeds were being used to fund insurgent activities in Iraq, or some other form of terrorism. Suddenly the FBI and the CIA would care very much. Now, I can't say that such a thing is happening, but I can't say it isn't, either. Maybe that money is going to buying fast cars, booze, and 133t hardware, but just maybe it's going somewhere else...
The "War on Terror" causes us enough grief and annoyance, maybe it could do something we like, too.
The living have better things to do than to continue hating the dead.
I'll do it
/goes behind the barn
*BLAM!*
Where does the school board find them and why do they keep sending them to ME?
...is submitting a story to /. the last revenge of the DDOS extortioner?
All's true that is mistrusted
Try to visit 1,000,000 domains per second x 1,000 spammers!!!.
About 1 hour, the FBI's Carnivore System has received 3.6 Tera-domains for trashing!!! for nothing!!! for nada!!!, hahahaha.
open4free ©
From the album "Powerslave", c. 1984
Steve Harris
There goes the siren that warns of the air raid
Then comes the sound of the guns sending flak
Out for the scramble we've got to get airborne
Got to get up for the coming attack.
Jump in the cockpit and start up the engines
Remove all the wheelblocks there's no time to waste
Gathering speed as we head down the runway
Gotta get airborne before it's too late.
Running, scrambling, flying
Rolling, turning, diving, going in again
Run, live to fly, fly to live, do or die
Run, live to fly, fly to live. Aces high.
Move in to fire at the mainstream of bombers
Let off a sharp burst and then turn away
Roll over, spin round and come in behind them
Move to their blindsides and firing again.
Bandits at 8 O'clock move in behind us
Ten ME-109's out of the sun
Ascending and turning our spitfires to face them
Heading straight for them I press down my guns
Rolling, turning, diving
Rolling, turning, diving, going in again
Run, live to fly, fly to live, do or die
Run, live to fly, fly to live, Aces high.
Xenon, where's my money? -Borno
and a Whiz Kid Took On an Extortionist - and Won
Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.
By Scott Berinato
Saturday, Nov. 22, 2003, 7:57 a.m.
Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans (and others around the world) without concern for U.S. bookmaking laws. Richardson received the e-mail just as he and his competitors were preparing for the year's busiest wagering season. With pro and college football, pro and college basketball and other sports in full swing, and with Thanksgiving and Christmas about to create plenty of free time, BetCris and the others stood to rake in millions over the holidays. Richardson was even planning an advertising blitz for the season to drive new traffic to his site.
If BetCris went down, he knew his customers would find another online bookie, "which will cost you tens of thousands of dollars in lost wagers and customers," the extortionists reminded him.
Despite all that, the e-mail didn't have the fearsome effect on Richardson that the extortionists hoped it would. He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said - God, in hindsight, what an idiot - I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
As a precaution, Richardson alerted his ISP, but essentially, he says, "We kind of fluffed it off." The veteran bookmaker didn't panic because, in fact, he had dealt with online extortionists before. Two years earlier, hackers crashed BetCris.com with a denial-of-service (DoS) attack, and then demanded by e-mail a $500 protection fee in eGold (an online form of trading bullion). Richardson paid without a second thought. Compared to downtime, $500 was trivial.
That first attack got his attention, though. Richardson consulted another industry veteran who confessed to having a similar problem, and who told Richardson to call a consultant named Barrett Lyon in Sacramento, Calif. Lyon didn't come to BetCris's offices - he had no interest in baby-sitting infrastructure in Costa Rica - but he did recommend some off-the-shelf products that had recently been developed specifically to fight DoS attacks. Lyon thought (actually he hoped) that he'd never hear from them again. Richardson and Lebumfacil were confident they had protected themselves.
When the attack finally came on that Saturday in November, sometime after that first e-mail but before 11:30 a.m., BetCris crashed hard. The off-the-shelf products Lyon had recommended survived less than 10 minutes. BetCris's ISP crashed, and then the ISP for BetCris's ISP crashed. Richardson ran to the IT department, where Lebumfacil was watching the biggest DoS attack he'd ever seen. He remembers feeling sick to his stomach.
At 1:03 p.m., another e-mail arrived. "I guess you have decided to fight instead of making a deal. We thought you were smart.... You have 1 hour to make a deal today or it will cost you $50K to make a deal on Sunday." Then they knocked BetCris.com offline again.
The Extortion Problem
We know this about online extortion: It happens. Evidence of its prevalence or damage is speculative and anecdotal but useful nonetheless in guiding CSOs to understand the nature of the crime. Anecdotally, experts from law enforcement and information security consultants believe that
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
... or does this sound like an opening line for a soft-core porn flick?
"Lyon was 23 and looked at least that young. His blond hair offset a tan, handsome face. Allec says Lyon looked like he had given up a day of surfing to swing by and help out."
8==8 Bones 8==8
Oh the irony, Slashdot has now DDoSed CSO Magazine.
Movie News - "Entertainment news, bitch!"
I swear I read this about a year ago... but I'm too lazy to search for it or check the date on the slashdotted article.
The whiz kid was in on it. He knew what the DDoS attacks would do, and how best to mitigate them. And he personally conducted most of the "investigation" that led to arrests (most likely of patsies). Now he receives protection money, above the table, all legit, from dozens of companies.
Going legitimate is the ultimate in cashing out of a criminal lifestyle.
What guarantee do you have that they get the right guy?
What about these enforcers making the threats, to get the payoff?
Every summer in North America there are some people starting wildfires in order to get a job fighting wildfires.
I'll stick to legal methods, it is less likely to be corrupt in my opinion.
If you're a libertarian...
Ben Hocking
Need a professional organizer?
"We will fight them, sir, until hell freezes over. And then, sir, we will fight them on the ice."
Work is punishment for failing to procrastinate effectively.
I'm just curious if anyone has any stats on how common *nix zombies are. My perception is that it's only Windows boxes.
If that is true this isn't something that should be dealt with at the gaming site. The real solution would of course be filtering at the ISP level to stop spoofed IPs and better security in Windows.
HTTP/1.1 400
When you can just /. them?
What would happen if he had changed the DNS of his website to, I dunno, say the IP address of fbi.gov? The criminals would then be DoSing fbi.gov and the FBI would immediately notice. If it wasn't a DNS-based attack, it should be relatively easy to route all incoming traffic to another IP address.
I wonder if the guy that was originally being dossed would get in trouble for it.
Why read the article when I can just make up a snap judgement?
I'm the head network engineer at an ISP.
2 years ago one of our customers received a DDoS email and he called me and asked me what he should do.
I told him to ignore it and honestly I found it quite amusing, thinking it was script kiddies.
I wasn't laughing 24 hrs later as they completely saturated our pipes and our border routers (7206 VXRs at the time) were locked at 100% CPU.
I've taken serious steps since then to be ready. It wasn't a pleasant experience though and happened right in the middle of the business day.
"I have a vision: a zombie on every desk, and in every home"
... or "I'd Rather Have a Bottle in Front of Me" by Dr. Randy Hanzlick. Just to track it further, Hanzlick has admitted to having acquired the line from bathroom wall graffiti at a hospital he was working at. The original quote was "I'd rather have a free bottle in front of me than a pre-frontal lobotomy," which carries some fun wordplay as well.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Ask them where to send the cash. Even if they give a PO box, send your high-scale accountant BUBBA to wait by the PO box. Have Bubba follow the guy to his headquarters. Then have Bubba politely do a manual denial of service attack on him.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Because you're going to help us, Mr. Anderson. Whether you like it... or not.
Weaselmancer
Ridiculous.
Fuck Slashdot. The parent got modded down because you people are racist.
Nice. Mirrordot lifts the original article, blocks the ads, and inserts their own. I hope they get fucking sued.
I've read a hell of a lot of trolls on Slashdot over the years and they tend to be based on a pornographic style of writing with a heavy emphasis on fetishized iconography, which this story was absolutely crammed with.
This was essentially an attempt at geek porn with bandwidth and routers replacing giant titties and shaved pussies.
The whole premise was far too James Bond, but the heart of the problem was the amount of resources everyone seemed to be willing to fling around. This thing about buying a server farm to protect against a DOS attack sounds rather far fetched from a financial perspective and in the real world a dollar is a dollar.
And all the gambling site ops are buddies? Hmm they got a union of sorts then? I kinda doubt it. A lot of loose ends in the story that sound good as a narrative but don't sound realistic.
This was a tie, at best. It still cost you time and money so you still came out a loser on that score; you just didn't lose as much, perhaps. As it stands now, they can attack someone else with impunity, and probably have. It's only a win if they are identified, prosecuted, and their zombies shut down. Everyone has to start thinking that way. It's only a win when they actually lose something, their anonymity, a few years of freedom and or money in fines, and their zombie network.
I have no need for such a program.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
"Now Richardson has a better option. Pay Lyon $50,000 a year and he's protected. He doesn't have to worry about paying extortionist's protection fees."
TFA's end phrase is a summum in sarcasm.
From a purely economic standpoint, it makes me wonder who's the real "extortionist"...
Have fun: Join D.N.A. (National Dyslexics Association)
I would be much less intimidated by an online contortionist. That's for sure.
"Pay up or I'll bend over backwards"!
The Internet is full. Go Away!!!
How ironic that a story about fighting DDoS attacks can't be read due to the Slashdot effect.
Even though casinos are always smothering my blog with blog spam making it useless, I would never stoop so low as to DDOS one in revenge. 0:-)
(can't believe I didn't think of the extortion thing)
On September 11, 2001, most of the news web servers were screaming under the load. If I recall correctly, slashdot was one of the few servers that could withstand the constant pounding and people were using it as a main source of up-to-the-minute information. (Slashback: http://slashdot.org/article.pl?sid=01/09/11/1314258&tid=103)
I think even Fark was hit by a lot of time-outs for a while.
Cave, wreck, and deep diver.
Good point about Kipling never going out of style.
They wanted me gone and I'm still here despite all they could do. I consider that a win.
Only on
I just use the new Browning Automatic Router (BAR). When it detects these kind of attacks it sends out a series of 9mm packets at a high rate to the servers that are attacking. When the servers are destroyed, hopefully the admins will secure the new ones better. This is much better (and cheaper) for those who have been hacked than blacklist. They learn something for only the cost of replacement.
All Windows problems are hardware problems. Don't load it on hardware, no problems.
I suppose someone called them and said "Pay us 1.5 million dollars immediately or else we'll submit this story to Slashdot and your site will be DDoSed for the next 24 to 48 hours!" ...I guess they didn't pay up. :)
[an error occurred while processing this directive]
You own a Hummer or get all wet dreaming of owning one?
They added a mirror for CSO online. Browse to the following URL and it all starts magically working.
www.csoonline.prolexic.com
He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
Is this guy's last name really 'The Easy Bum'? Wow, lol.
Tell him to drop it, and if he resists, shoot the little bastard.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Damnit, I just ran out of mod points. Otherwise you would have earned some right there. Very nicely done !
--LordPixie
http://csoonline.prolexic.com/read/050105/extortion.html
...mentioning Coral as a way of reducing the /. effect is an excellent idea.
Thanks.
Even better idea - can't you copy off your main page, and redirect your main page's URL to a coralized link?
The article is about online extortion via botnets and the entire first 200 pages of responses are about the Battle of Britain and how America saved the world from the evil Europeans...again.
Morons.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
rotfl.
Gravity Sucks
the article at mirrordot
It seems like if this guy really wanted to get the feds involved, he'd point out the terrorist connections of such activity.
Now, hear me out. Sure, everything is blamed sooner or later on terrorists these days, but operating a DDoS bot net is just the sort of thing Al Qaeda's "information warfare division" might be expected to do (since I doubt they have the seriously hard talent to do much more than use COTS stuff). While the criminal organizations in it for the money are, as usual, probably far more sophisticated, a group like Al Qaeda might certainly try to raise funds this way, especially if they're taking from western gambling sites or the like with high moral hazard/running contrary to the tenets of Islam/yadayadayada.
The connection is certainly plausible enough that if you push it hard enough, you could certainly get someone's supervisor at the FBI to launch a full-scale kiddie porn-style crackdown, methinks.
> The sad thing is that I remember that speech entirely because it's used as an intro to the Iron Maiden song, "Aces High."
Same here. I had the cassette...
- Mike T.
The broom being useful to sweep away all the Trojans that said hookers and Johns left on your upstanding company's parking lot...
Sounds like Mr Gambling Site Owner is living and dying by the sword.
Pay up - along with an offer to double the payment if they will hit microsoft.com for at least three weeks.
I agree. It's like getting cancer. If it doesn't kill you that's a win.
Even if cancer still exists.
"Clothes make the man. Naked people have little or no influence on society." - Mark Twain
If 'the people' in Amendment 2 are 'the state' then Amendments 1, 2, 4, 9, and 10 benefit the state, not you.
The hostess raised her eyebrows and curtly responded, "Mr. Churchill, in this country we ask for white meat or dark meat."
"My apologies, Madam, I was not aware of your customs."
The following day, a thank you gift was delivered to the party's hostess with a large orchid. The following was written on the note: "I would be obliged if you would pin this on your white meat."
"In Texas there is no lower limit. You can shoot someone in the back who is running away from you and is no longer on your property, as long as they stole from you and you can expect that you won't see it again if they make off with it and you would be at risk if you caught them. That's pretty much a blank check to shoot a robber in the back."
This is plain wrong. I lived in Texas and this is NOT legal. To have a justifiable shooting, the person must be in your house or attempting to break into your house while you are there. Just like other states, if you shoot someone in the back as they are trying to escape, you are breaking the law. It's the old "did you feel that your life was threatened?".
Now, having said that, I must state that there can be some loose interpretations of what constitutes "trying to break into your house". But on the whole, we aren't just a bunch of gun-toting people hunters down here. Despite what the press would have you believe, most of us in TX are just like you and me.
It's AMAZING, but you have to supply the electricity which will add up to a fair amount for a real pc vs. a little appliance thingy. Got a spare laptop with a borked screen or something? You could probably pick one up for a song at RePC or a similar outfit.
In the context of this article, the correct term is slashdos'ed
Thank you
No, I don't trust in god. He'll have to pay up front, like everybody else.
Yikes.... I'm a single cell in the womb if we're going by that analogy.
CmdrTaco: Give me $10K or I link to your site.
There is no difference. The extrapolation from actual voters to eligible electorate is perfectly valid, comforting as it may be for the losers to hope for there being some statistically significant "hidden reserves".
Especially this time around the voting crowd was quite diverse and the pre-election vote-encouraging rhetoric more shrieking, with the "Choose or Lose" of the past replaced by the pompous "Vote or Die".
In Soviet Washington the swamp drains you.
It's a line from "The Life Aquatic with Steve Zissou."
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
... protecting against this nonsense could be sheeted back to the manufacturer of the insecure operating system on the 'bots, then he'd pretty quickly mend his insecure o/s. Technical problem solved. The real problem however is the absence of police and legal systems equipped with sufficient backbone to be able to adjudicate on and enforce a ruling against a huge international corporation.
Here at least, if a car pollutes too much or is a safety hazard it can't be driven. From the article, 20,000 helped cause an attack that cost around the one mil. mark, or to be more specific, each of those zombies caused $50 worth of damage.
How much does a decent firewall cost?
Make getting online a right, but a right that has responsibilities (just as getting on the road does). You want to send traffic, fine. But if you are detected as a zombie you now have to 'for $50 about' prove that you have fixed the problem before you can get back online.
Reading this article only proves to me that just letting any old hunk of junk on the internet super highway is not a good idea.
Aside from that, your philosophy leaves a huge gaping hole in the murder laws. Suppose you want someone dead. You give them a nice gift. As they are walking away, you shoot them in the back of the head and kill them. You are arrested and claim they were running away with your property.
That is why the law doesn't work the way you claim. When someone claims self-defense, they are generally prosecuted anyway. In most states, if you claim self-defense the burden of proof is on you to prove that your life was in immediate danger (the prosecution only has to prove that you killed the person, which you will confess to in order to claim self-defense). If you fail to prove that your life was in danger, you will be convicted of murder.
>> I regularly had to chase crackheads, as well as hookers with their Johns off of our back steps.
Where I work we have security. They deal with unwelcome visitors... it's a job I'm happy to leave to the folks trained and paid for it.
If your company didn't hire janitorial staff, would you clean the toilets too? Seriously, if you're a qualified admin why would you do security work? If it's because you have some hollywood delusions about how sexy guns are, you really shouldn't carry one.
http://request-header.info
I believe if I had a business that lost a million dollars due to downtime and my network wiz tracked the guy's home address, I'd be on the next flight out with a good, strong baseball bat.
Egress filtering is easy, and should be mandatory. Dunno if ISPs are in the driver seat these days, but unless someone made arrangements to be a transit net with a 2nd ISP, I'd be pretty ticked to see inbound packets from a surprising CIDR range.
My own net (medium size community college) is filtered on the internal and border router. Belt and suspenders, you know?
In reality, this site is hosted on an Amiga.
;-)
Hey...That is obviously wrong, but it's an easy mistake to make. Not every Commodore is an Amiga.
I'm writing this on my Amiga, with Apache running comfortably on it, actually. It pumps out large files too (around 100 MB), with upstream bandwidth the limiting factor to speed.
You've confused the Amiga with the Commodore 64, which actually does have a webserver: Contiki
Irene KHAAAAAAN!
If you read the article, you'd see that one of the tactics of DDoS-attackers is to attack a domain that is their own, but points to the victim.
So the FBI would have a hard time separating the DDoS-attackers from a victim that's silly enough to re-route to the FBI.
(And as others said: Re-routing or null-routing means that your site is down anyway, giving the DDoS'ers the victory.)
Irene KHAAAAAAN!
Please send me $50,000 or I will post an article on Slashdot with a link to your website, and it will will go down for the next week.
Randy.Flood@RHCE2B.COM
The way I read the article the guy worked his ass off to provide the service for which he was hired - network security consultant. I'd say his $50K fee wasn't all that much compared to the benefits of having a bulletproof setup for production servers.
Opening scene: clueless luser notices things going slow for a few seconds. "Oh", they say. Later we find out they've been zombified.
There's a major theme of ambiguity of identity and purpose, so the Lyon character needs a verbal mannerism like "Hmm, this is true" just to make you keep asking "but is it?". Also there's a lot of disembodied voices (the first half of the story is all non-meatspace) so there's a backing track of, say, some Mozart choral stuff. The coolness of that also emphasises the frenzy in the machine room.
You never actually see Ivan etc, just see some TV news story about arrests in somewhere unpronouncable across the sitting room over supper.
The "Is he actually one of them?" question is an excellent last-scene twist leaving essential questions hanging in the air, like in The Sting.
Of course, you'd have to pretend it wasn't about real people etc...
What else?
http://anweald.co.uk
if you have a backup link, you can set up both links to filter routes from the other link. Traffic to ISP2 really ought to exit to ISP2.
And unless you are set up to be a transit net, you really ought to block outbound src != your addresses on both nets.
There are a lot of leaf node nets with more than one stem.
I agree the filter ought to be pushed as close to the host as possible. You need the host mac to track the spoofer down, for one thing. You lose that after hop > 0.
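The egress filtering the two comments above argue for (block outbound packets whose source is not one of your own addresses, keep each uplink's traffic on its own link, and filter as close to the host as possible so the sending MAC is still visible) is easy to state and easy to get subtly wrong, so here is an added example of that check in working code. This is not from the Slashdot thread, the CSO article, or any vendor; the two uplinks, the prefixes (documentation ranges from RFC 5737) and the sample packets are all constructed for illustration, and a real deployment would express the same rules in the border router's ACLs rather than in Python.

```python
"""
Added example: a BCP38-style anti-spoofing filter for a multi-homed leaf
network. Not code from the thread or the article. Prefixes, link names and
sample traffic below are hypothetical (constructed for this example).
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed layout: two uplinks, each with the prefix that provider assigned us.
LINK_PREFIXES: Dict[str, List[ipaddress.IPv4Network]] = {
    "isp1": [ipaddress.ip_network("203.0.113.0/24")],
    "isp2": [ipaddress.ip_network("198.51.100.0/25")],
}
ALL_OURS = [n for nets in LINK_PREFIXES.values() for n in nets]


@dataclass(frozen=True)
class Packet:
    src_mac: str    # MAC of the sending host; only meaningful at hop 0
    src_ip: str
    dst_ip: str
    link: str       # uplink the packet is leaving or entering on
    direction: str  # "out" (toward the ISP) or "in" (from the ISP)


def _in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def verdict(pkt: Packet) -> Tuple[str, str]:
    """Return ("accept" | "drop", reason) for a single packet."""
    if pkt.link not in LINK_PREFIXES:
        return "drop", "unknown link"
    if pkt.direction == "out":
        # Egress: the source must be ours, and specifically the block that
        # belongs to this uplink, so ISP2-sourced traffic never exits via ISP1.
        if not _in_any(pkt.src_ip, ALL_OURS):
            return "drop", "egress: spoofed source outside our address space"
        if not _in_any(pkt.src_ip, LINK_PREFIXES[pkt.link]):
            return "drop", f"egress: source belongs to another uplink, not {pkt.link}"
        return "accept", "egress: source valid for this uplink"
    if pkt.direction == "in":
        # Ingress: nothing arriving from outside may claim one of our addresses.
        if _in_any(pkt.src_ip, ALL_OURS):
            return "drop", "ingress: our own prefix arriving from outside"
        return "accept", "ingress: external source"
    return "drop", "unknown direction"


def apply_filter(packets):
    """Split packets into (accepted, dropped) lists of (packet, reason)."""
    accepted, dropped = [], []
    for p in packets:
        v, why = verdict(p)
        (accepted if v == "accept" else dropped).append((p, why))
    return accepted, dropped


def spoofing_hosts(packets) -> Counter:
    """Count outbound packets that failed egress, keyed by sending MAC.
    At hop 0 this names the compromised host; one hop further out the MAC
    would be the router's, which is why the filter belongs near the host."""
    c: Counter = Counter()
    for p in packets:
        if p.direction == "out" and verdict(p)[0] == "drop":
            c[p.src_mac] += 1
    return c


# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    Packet("aa:bb:cc:00:00:01", "203.0.113.10", "192.0.2.5", "isp1", "out"),    # legit
    Packet("aa:bb:cc:00:00:02", "10.9.9.9", "192.0.2.5", "isp1", "out"),        # spoofed, RFC 1918
    Packet("aa:bb:cc:00:00:02", "192.0.2.77", "192.0.2.5", "isp1", "out"),      # spoofed, someone else's
    Packet("aa:bb:cc:00:00:03", "198.51.100.20", "192.0.2.5", "isp1", "out"),   # wrong uplink
    Packet("aa:bb:cc:00:00:03", "198.51.100.20", "192.0.2.5", "isp2", "out"),   # legit via isp2
    Packet("de:ad:be:ef:00:01", "203.0.113.99", "203.0.113.10", "isp1", "in"),  # inbound spoof of us
    Packet("de:ad:be:ef:00:01", "192.0.2.5", "203.0.113.10", "isp1", "in"),     # normal inbound
]

if __name__ == "__main__":
    acc, drp = apply_filter(SAMPLE)
    for p, why in drp:
        print("DROP", p.direction, p.link, p.src_ip, "-", why)
    print("hosts emitting spoofed packets:", dict(spoofing_hosts(SAMPLE)))
```

Run as a script it prints the four dropped packets with their reasons and attributes the spoofed ones to two MACs, which is the information the "belt and suspenders" comment wants at the internal router: the border filter alone would only tell you that spoofing happened, not which box to pull off the network.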
If it is who you work for though. This has happened to bookmakers etc. all around the world, whether England, Australia, Austria, etc. (large publicly listed companies included)
Not Free SF Reader
Well, then, no one should ever be arrested.
That argument doesn't fly. I'd agree that no one should be held indefinitely, but arresting someone is a reasonable action to prevent a crime that will not result in their death! What kind of analogy was that? Which legal system are you working under?
You are also saying that if I witness someone breaking into my house, grabbing my TV and running off with it, I'm not capable of determining whether they committed a crime. You are wrong on both counts. Try again.
Simply stating that I'm wrong in an insulting tone, and adding a condescending "try again", is not an argument.
The taking of another human life should not be taken so lightly that anyone that's had their $200 tv nicked should be able to do it.
If the thief comes in with a gun and you shoot him TO WOUND with that gun (or to kill ONLY if your life is at risk) I think that's totally acceptable. A person who has little choice but to die or fight back shouldn't be penalised for fighting back. A gun-toting redneck who wants to kill him a burglar is a danger to society and should be locked up. It's a fine line and a difficult thing to determine, hence the idea of a jury of peers (as imperfect as that is).
These posts express my own personal views, not those of my employer