Taking on an Online Extortionist

An anonymous reader writes "When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of buisness. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"

oblig Churchill

[isecore]

"We will fight them in the CAT5, on the routers, in the packets. We will never surrender"

Or however he said it :)

Re:oblig Churchill

[ShaniaTwain]

"I may be drunk, Miss, but in the morning I will be sober and you will still be ugly."

Re:oblig Churchill

[Knara]

The sad thing is that I remember that speech entirely because its used as an intro to the Iron Maiden song "Aces High"

Re:oblig Churchill

[kfg]

We really need to put a stop to damned terrorists and insurgents like this.

KFG

Re:oblig Churchill

[3770]

Would you have been happier if you remembered it because you were there in person?

God knows your /. ID is low enough that it might be true. ;)

Re:oblig Churchill

[RichardX]

Churchill definitely had some of the best quotes in history.
He also looked like every baby ever born.
It's true! all babies look like Winston Churchill.
Quite scary, really...

Re:oblig Churchill

[mcmonkey]

"we shall fight on beaches, landing grounds, in fields, in streets and on the hills"

Hay Winston, why not try fighting them in Germany?

Re:oblig Churchill

[Pig+Hogger]

Lady Astor, first woman elected to the House of Commons, to Winston Churchill:

-- If you were my husband, I would poison your coffee.

-- If you were my wife, I would drink it.

Re:oblig Churchill

[sphealey]

Me? I'm just this guy, ya know?

I hear ya.

sPh

Re:oblig Churchill

[PatMouser]

Bah.

Re:oblig Churchill

[donutello]

We shall fight in France and on the seas and oceans; we shall fight on beaches, landing grounds, in fields, in streets and on the hills.

Hey, sounds like our last family vacation!

Re:oblig Churchill

[rizzo420]

The news had come out in the First World War
The bloody Red Baron was flying once more
The Allied command ignored all of its men
And called on Snoopy to do it again.

Twas the night before Christmas, 40 below
When Snoopy went up in search of his foe
He spied the Red Baron, fiercely they fought
With ice on his wings Snoopy knew he was caught.

Christmas bells those Christmas bells
Ring out from the land
Asking peace of all the world
And good will to man

The Baron had Snoopy dead in his sights
He reached for the trigger to pull it up tight
Why he didn't shoot, well, we'll never know
Or was it the bells from the village below.

Christmas bells those Christmas bells
Ringing through the land
Bringing peace to all the world
And good will to man

The Baron made Snoopy fly to the Rhine
And forced him to land behind the enemy lines
Snoopy was certain that this was the end
When the Baron cried out, "Merry Christmas, my friend"

The Baron then offered a holiday toast
And Snoopy, our hero, saluted his host
And then with a roar they were both on their way
Each knowing they'd meet on some other day.

Christmas bells those Christmas bells
Ringing through the land
Bringing peace to all the world
And good will to man

Christmas bells those Christmas bells
Ringing through the land
Bringing peace to all the world
And good will to man

Re:oblig Churchill

[mikael]

Humbug.

Re:oblig Churchill

[dokkeri]

Oh great... The one time something I have is large and the people want it to be small.

Re:oblig Churchill

[davidu]

*yawn* ;-)

-davidu

Here's a tip

[dtfinch]

Don't respond. They'll think you didn't see their email.

Re:Here's a tip

[imuffin]

When I threaten to extort someone by email and they don't answer, I usually just deface their homepage with a big blinking red message that screams

READ YOUR EMAIL, DUMBASS!

---
watch funny commercials

Even Slashdot?

[troc]

"They threw everything they had at us. I was just in shock."

I guess that includes getting a mention on Slashdot?

Troc

Re:Even Slashdot?

[caluml]

Is "gambel" in those "bad words" lists?

Re:Even Slashdot?

[RexDart]

5. Determine the hacker's RL name, location, etc. 6. Contact an independent bounty hunter (Mad Dog, anyone?) to launch a "Denial of Freedom" attack 7. Tape the whole thing as a reality show so that G4/TechTV could have at least one interesting program.

Re:Even Slashdot?

[jonadab]

> Very true, this post could have much worse consequences than they
> could ever throw at you.

I doubt it. As near as I can figure, a solid slashdotting comes to at most a two-digit MBPS figure, and that can only be kept up for a day or so. If you RTFA, it was talking about attacks of over 1GBPS sustained for weeks. That's something like fifty slashdottings at a time, more than once a day. The article didn't say what kinds of packets these were (forged-source SYN, reflected ACK, or what), but you get the idea that it was different kinds at different points.

In any event, the attack was apparently more bandwidth-consumptive brute-force than any particular cleverness. In practice, that's probably the most effective type of attack, because a clever attack (such as a traditional SYN flood) is subject to being thwarted by greater cleverness on the defensive end (e.g., SYN cookies). But a bandwidth-consumptive distributed attack is hard to defend against without having a bigger pipe than the aggregate bandwidth of the zombies.

(In the short term, that is; in the long term, given adequate resources and expertise, you eventually track the whole thing down and set the authorities on the perp, or failing that (e.g., if the whole operation is being run from the Federated People's Democratic Republic of Bob's Two-Acre One-Inch-Above-Sea-Level South-Pacific Coral Atol In International Waters (FPDRBTAOIASLSPCAIIW)) get his ISP to shut him down, but that all takes time, and meanwhile you want to keep your network online as much as possible.)

So now we're gonna slashdot 'em?

[LordByronStyrofoam]

Seems kinda brutal to hit them with another DDOS.

Re:So now we're gonna slashdot 'em?

[Manfre]

The casino site was hit for money. CSO was throw in for free!

The DDoS worked apparently.

Or maybe it was planned this way. Nothing says offline like a link from slashdot.

Re:That's frightening

[KiloByte]

Uhm, to take away the bots, you would have to cut them at the root. And the root is a certain mega-corporation that's a bit difficult to be rooted out.

gambling and extortion?

[superwiz]

First time those 2 go hand in hand....

Re:gambling and extortion?

[pdbogen]

+5 ironic

DDoS?

[Tim5309]

Is anyone else revelling in the hilarious irony that the site about surviving a DDoS attack has been Slashdotted? Or is that just me?

I fell for one of these

An online wallet inspector demanded I send him my billfold posthaste. I never got it back. Be forewarned.

Just do what we do on IRC

Find out where they live and call their mom.

Extorting a gambling site?

[wowbagger]

Extorting a gambling site? That strikes me as a LLM (life limiting move, c.f. career limiting move).

Many gambling sites still have connections to, shall we say, respectible businessmen of the Italian or Asian pursuasion, who are used to handling such matters extra-legally.

You might just wake up one day with your computer's monitor (cables severed with an ax) in bed with you.

Or Guido and Nunzio standing over you, giving you tips on the finer points of extortion while they wait for the concrete to set.

Re:Extorting a gambling site?

[daniel_mcl]

I was just suggesting this as a solution to spamming awhile back; if it's really that expensive to businesses, wouldn't it be more economical for them to arrange to have spammers assasinated? I'm serious about this -- if people are cool with paying Mafia kickbacks to their sanitation company, wouldn't they be willing to pay for something which will save them quite a lot more money?

If such a job were available I'd personally be going through sharpshooter training right now.

Re:Curious

[Secrity]

Wormholes.

Re:Good, some balls.

Oh, did I mentioned that me, and everyone else at the company carry Glock 19's?

What about the interns?

Next News Story...

[kniLnamiJ-neB]

"How CSO Online took on Slashdot... and LOST."

I'm glad that somebody's standing up to the jerk though... people who do stuff like that are wasting perfectly good matter.

Re:Curious

[Gzip+Christ]

I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally. But how does slashdot itself cope with the high traffic?

It's quite simple, really - Slashdot just doesn't link to itself.

Re:Good, some balls.

Wow, you all carry Glock 19's? Damn.. you are all badasses! ISP admins must be a tough crowd.

How many times have you pointed them at a human?

Blockbuster?

[pakog]

Am i the only one who was sitting on the edge of my seat while reading the battlefield analogy? This is unexplored movie territory with some great potentiol. "Behind CAT5 Lines"

Re:Curious

[Chmarr]

Oh! That would explain all the dupe articles we see!

Re:Curious

[MyLongNickName]

That's the trick. Most people would say "bigger servers" and "bigger bandwidth". But I know the real reason. Notice how you get 'Service Unavailable'? Every so often? I found that if more than 50 people are accessing Slashdot at the same time, that their database cannot handle it. In reality, this site is hosted on an Amiga. Only 50 users you say? That can't be.... just look at my User ID!

All the 813,621 users before you don't really exist. These messages are randomly generated geek buzzwords. "Users" are given personalities, ranging from "Linux lover" to "Windows loser", from "I'm just a troll" to "IAARS", from "Funny" to "I take myself serious, but no one else does".

Those "personalities" alter the pre-populated phrase list according to topic (actually, I am not even sure the topic matters). Think of it as an advanced Turing simulation.

I was fooled for my first three months. Then, I saw the predictable responses, and realized that there was no actual intellegence here. Just the occassional real life person who wanders in and is fooled for a while. The auto-misspell feature was a nice addition, I have to admit.

Want proof? Pick a user id. Peruse messge list. Notice the lack of variety? Notice the lack of real meaning behind each message? And when there is real content, try browsing earlier messages. You will find phrases ripped verbatim from an earlier post.

Of course, you may also be a bot. CommanderTaco is always making tweaks to the message generation algorithm (though his posts, too, are mostly generated by code). I will have to peruse your message history when I am done posting here.

EVIL!

[jav1231]

Okay, I first read that as "Online Exorcist." I'm thinking, how does THAT work? TO: Satan@littlegirlshead.com
From: Father Mayai (Yes, you may!)
Subject: Notice of Eviction

Re:EVIL!

[Aspherical+Cow]

I figured it would have been something like

ssh root@possessed killall daemon

Re:Good, some balls.

They share one.

Re:Fight!

[Fishstick]

If only there was some kind of online medium for news articles where answers to questions like these could be answered!

Oh wait...

You can send us $40K by Western Union [and] your site will be protected

Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans ... without concern for U.S. bookmaking laws

Lyon says, "I could have left it alone, but I had gotten attached, and I started investigating. I came up with some interesting techniques to trace back the attacks." He turned over his work to several law enforcement agencies, but he never heard about it again.

"Um, hello - FBI? Hi. Yes I run a website gambling business offshore in Costa Rica and I just got threated by someone who says they will shut me down unless I wire fourty thousand via Western Union to someone in Belarus who *click* Hello?"

"They threw everything they had at us."

[hiero]

Including, apparently, a good slashdotting.

Re:Question

[Just+Some+Guy]

Mr. Piquepalle regularly pretended to be "just some guy"

Hey, leave me out of this! I can't even get my own articles accepted.

Re:Good, some balls.

[ReverendLoki]

I can't quite see the relationship between the two things...

Because, sometimes that Windows box crashes one time to many...

age discrimination!

[Tumbleweed]

God knows your /. ID is low enough that it might be true.

Watch it with the age slurs there, sonny. That could get ... dangerous. :)

Re:age discrimination!

[Xenophon+Fenderson,]

*grumble* . . . get off my web site, you damn kids!

Re:age discrimination!

[dhall]

I guess I'm feeling like a real fossil then... :)

Re:age discrimination!

[AgentSmith]

Holy Crap! You are the lowest ID I've ever seen. It's like elder races have returned. RUN!

Re:Good, some balls.

[vbrookslv]

Yes, that's what my Fairbairn-Applegate Covert folder is for. But my daddy always told me, never bring a knife to a gun fight. Well, I choose to improve upon his wisdom by having both.

In actual fact, my Batman utility belt is getting kinda crowded. Ipaq 5500, Nokia 6620, Motorola HS850, Knife, and Gun. I think I need a pair of suspenders. (Does Jinx sell geek-spenders?) Fortunately for me, I have a larger circumference than the average geek, which gives me more belt real-estate. I don't know how you twiggy types carry all of your gadgets.. :)

New "business idea"

[3770]

So,

I'm trying to read the article and that is giving me another "business idea".

"Give me $10 000 or I'll submit an article to Slashdot with a link to your web site".

Distributed Denial of Service!

Re:Good, some balls.

[vbrookslv]

We were later tossed in jail for threatening with a weapon

Actually, In Nevada, it's called "brandishing".

Take a fucking joke people, jeez. Yes, the story is true. Yes, we all carry Glocks. No, we didn't point them at anyone. Just snatching the fucker out of his perceived anonymity was enough. (hint to the AC's?)

When asked why we carried, our stock response was "We take Network Security VERY seriously." And follow it up with (in my best Monty Python) "I don't like SPAM!".

Re:Question

[Greyfox]

Everything that bastard submits gets accepted! You could submit "How scientists cracked the light speed barrier" and get rejected and then he comes along behind you with "Anatomy of a cheez doodle" and gets accepted! God I hate him! Hate hate hate! Yup...

Re:That's frightening

It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly?

I'm starting a company much like that myself. Nice network you've got here, hate to see anything happen to it. I can protect it for you... for a price.

So...

[Theatetus]

...is submitting a story to /. the last revenge of the DDOS extortioner?

Re:Good, some balls.

[jcuervo]

Silly question.

Is it just me...

[Bones3D_mac]

... or does this sound like an opening line for a soft-core porn flick?

"Lyon was 23 and looked at least that young. His blond hair offset a tan, handsome face. Allec says Lyon looked like he had given up a day of surfing to swing by and help out."

Re:Curious

[Jtheletter]

All the 813,621 users before you don't really exist. These messages are randomly generated geek buzzwords. "Users" are given personalities, ranging from "Linux lover" to "Windows loser", from "I'm just a troll" to "IAARS", from "Funny" to "I take myself serious, but no one else does".

Oh cool, this must be one of those meta-tin-hat /.-bots I heard Taco was developing! Sowing seeds of dissent and conspiracy for its own sake.

What a great entry-level comment to test with too! By publicly 'outing' the very system it is a part of no one will take this position as serious anymore and simply decry those who suggest it a yet another foil-hatter, while simultaneously freeing this chat-bot of being accused as one. After all if it were a bot, why would it point out all its own secrets?

Bravo Taco, you are to be commended for this nasty little piece of deception. But of course, if 822545 is a bot, then how can I prove that I am not one? Well, quite easily, you see der lichentttttt ^H^H^H^H
WARNING -- Unhandled parsing error at 0x0E346B22: Core meta-logic rebuttle memory dump in progress! Rebooting comment generation APU at segment data 2501 -- END

Careful picking on the '19

[Bob+4knee]

Oh, did I mentioned that me, and everyone else at the company carry Glock 19's? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)

Ever tried real hard to disappear when your 4 year old kid admonishes a cop (bragging on his new 9mm) for carrying a "girl gun" "like my mom used to use until she learned to shoot"...

Re:Rudyard Kipling's "Dane-geld" - extortion poem

[howlinmonkey]

It seems a good idea to sit in Eastern Europea
And mail out missives with a threat
"We know that you have gold, and if I may be so bold
If you send me some I will not be a threat"

And that is called running protection
And the scum who demand it defend
That you only have to pay them protection
And your enterprise won't have to end.

It is a real temptation to avoid a confrontation
And pay off the bottom sucking filth
Then the business you created won't be immolated
By the bandwidth sucking zombies and their ilk

And that is called paying protection
But after you've paid up today
They'll come calling for more protection
There will never be an end to what you pay

It's a shame to whimper quietly and meet with their demand
To keep the money flowing fast and free
So when they do demand the little money in your hand
I would suggest that you repeat slowly after me.

"We never pay any scum protection
No matter how hard they may lean
For tomorrow you'll be back threatening to hack
Using any zombies you can glean "

I am no Rudyard Kipling, but I think this captures the essence of it :)

Re:Simple solution.

[Lord+Bitman]

welcome to the internet! There are many new and exciting technologies which you should look in to now that you are here!

Actually

[chriso11]

In the context of this article, the correct term is slashdos'ed

Thank you