Taking on an Online Extortionist
An anonymous reader writes "When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of buisness. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.
I would think in the situation that the e-mail was ignored, it would enrage the extortionist into firing a warning shot, one that would for SURE get the guy's attention. In fact, from the article, it looks like that is sort of what happened. He didn't respond, just first sought consultation and alerted his ISP. Then the extortionist sent a second threat, but not until he had crashed a few ISP servers to get some attention.
This is where R'ingTFA comes in...
If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.
Again, this is where R'ingTFA comes in. I'd also add that one downside of moving your business to an unregulated third world country is that neither the local journalists nor the local cops are especially interested in your gringo problems. I don't understand why Scotland Yard bothered with him.
>> and everyone else at the company carry Glock 19's?
Please excuse my asking, oh well-armed-one, but WTF for?
The glock is a fine weapon, and being an admin for an ISP is a fine job, but I can't quite see the relationship between the two things...
http://request-header.info
The lesson is also that if you pay, they'll know you'll pay more.
There's a point where they keep coming back with higher numbers. If you look, they only guaranteed the protection for a year.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
I don't know... I found the last paragraph grated against his super-hero image:
That's right. Lyon is one of the good guys. Still, Lyon's heroics weren't possible without Mickey Richardson's resolve. It's easy to forget that as Lyon worked to save him, Richardson considered paying off the extortionists. Now Richardson has a better option. Pay Lyon $50,000 a year and he's protected. He doesn't have to worry about paying extortionist's protection fees.
I've always found there to be a rather fine line between insurance and extortion. If the story is true, he probably is one of the good guys, but he's merely tapped into the revenue stream the extortionists created.
A steaming cup of soykaf would be real wiz right now.
And if it wasn't for ze Russians the Europe would have been the 3rd Reich today. Its amazing how much the West underestimates that Russians went all the way to Berlin to Hitler's bunker. I guess with the Cold War, the Russians just had to be evil, and while the Soviets defintely sugar-coated the history in their favor, I would not have expected that the "free" and "democtratic" US would also do it. Yeah I know, the Americans helped plenty,they gave the Ruskies Jeeps and other vehicles. But the still it those the Russians that died from Hiltler's and Stalin's hand.
I guess I could have been more clear. By having that equipment, and those type of customers, and that location, we had multiple reasons to be concerned for our lives. Just like any other time, being armed serves two purposes:
- To act as a deterrent
- To defend one's life, should someone disregard #1.
I absolutely repsect the sanctity of life. I just respect the sanctity of my life slightly higher than everyone elses. (except for my kids, of course)From a purely economic standpoint, it makes me wonder who's the real "extortionist"...
Have fun: Join D.N.A. (National Dyslexics Association)
No no no, Russians sell stolen hacked ICQ accounts because everyone wants either an easy to remember ICQ# or a really low ICQ#.
I frequent these Russian forums frequently where they are giving away 5 digit ICQ# to the first person to read the post.
However, the most amazing thing is, if I had the ability to direct 10,000 zombie systems to attack websites for extortion money, you could bet that every type of online communication I engaged in would be done thru no less than 5 different proxies, for every type of service, with an excrypted tunnel between me and the first proxy, and with complete control of that first proxy to erase full logs afterward.
You think that these guys are brilliant, but they're really just a bunch of stupid script using kidhacks.
I would be interesting to know what percentage of the zombie machines were windows...
So that's what someone's life is worth now? A "few hundred thousand dollars"?
In Texas there is no lower limit. You can shoot someone in the back who is running away from you and is no longer on your property, as long as they stole from you and you can expect that you won't see it again if they make off with it and you would be at risk if you caught them. That's pretty much a blank check to shoot a robber in the back.
The very idea of killing someone over something so trivial as a router makes me sick.
I'm a raving liberal when it comes to most things, but I seem to be on the rabid conservative side for this one issue. Why is their right to steal from me greater than my right to stop them? I have the right to be secure in my person and property. They do not have the right to be secure in my property, only their own.
Using deadly force to stop a felony seems quite reasonable. Using deadly force to stop a car chase seems quite reasonable. Deadly force should be used to stop crimes in progress and to stop those after crimes are committed if failure to do so would result in them getting away. If you don't like it, quit committing felonies.
Learn to love Alaska
Along with IPS in general, I think a lot of the devices out there have some pretty good rate-limiting and SYN flood mitigation, however, they all seemed to miscalculate the sheer amount of processing power it takes to do deep packet inspections and protocol verification. Prolexic's network is currently representing about 10 Terahertz of processing ability just for the DPI, so hoping a single FPGA based hardware device will do the trick may be a bad idea. Also, most devices can not handle out-of-state TCP based attacks (see: Riverhead), so keep your eyes out on that too.
Prolexic often gets new customers when the TopLayer, Tipping Point, and Riverhead gear fails, so I don't see how anyone could be comfortable with just a single unit to save the day when there are people out there that will take down DNS servers, router serial interfaces, carriers, do long lived TCP sessions to slow down web servers, HTTP connection floods, and anything else they can think of to just hurt the network (75k machines all doing random searche quries on a cgi, etc.)
Further, a box does not have much of a turn-around time, so just call Tipping Point at 2 AM on sunday when the network failed and nobody has any clue with what is going on. Then wait for their one good programmer to fix the FPGA issue and a week later cross their fingers that whatever they did can stop the botnet that is causing someone's business to fail.
I may just be a little beat up from all the traffic we deal with, but it's a little isane to say things like, "we have box X, its magic will fix everything."
-Barrett
I am myself a gun owner and a vocal proponent of the Second Amendment, and I have to say I could not disagree more with what you are saying. It's this kind of testosterone-driven false bravado and thoughtless remarks that give real firearm enthusiasts a bad name.
Deadly force is a last-resort measure that should be employed only when there is direct risk to your life or the lives of others. If someone else is threatening or attacking you with a gun, or if someone comes at you with a knife or something, or someone is subjecting another person to such a threat, you are justified in shooting them. But how can you justify taking someone's life because they're about to make off with your hubcaps or your computer?
The power to take a life carries a tremendous responsibility to use that power only when it is necessary in order to protect the lives of others. Anyone who says otherwise clearly does not understand the responsibility that comes with wielding deadly force, and the sooner the crackpots who kill some poor kid to save their property are hauled off to prison, the better.
Your post smacks of the attitude of a kid who's never actually held a gun, much less been in a situation where it was necessary to use it. I haven't had to fire upon another human being either, but I know people who have; my father's gun saved his life on several occasions, and a friend of mine is a police officer. Think before you speak, maybe.
P.S: I have to say I do agree that sometimes deadly force should be used to stop a car chase. If the suspect represents a direct threat to innocent life, or the moment they make an assault with their vehicle, any measure required to stop them should be employed. However, in a pursuit situation, the best option is to simply let the suspect get away - unless you know that they do in fact pose an immediate threat (say, they're an escaping murder, or they have a hostage, or something of that magnitude), it's simply not worth the risk to public safety that is involved in a high-speed pursuit. It's sad the number of times innocent people have been injured or killed because the cops didn't want to let a drug dealer or two-bit robber get away.
could be usefully forged.
Unless ISPs got off their asses and implemented egress filtering for packets leaving their networks. Cable modem in Florida spewing packets addressed from China? Holy shit, I think they're bogus! The closer you filter these bogus packets to the source, the less traffic any given filter has to deal with, PLUS the smaller network size it has to accept packets from, leading to a reduced chance of dropping or allowing the wrong packets.
If I have been able to see further than others, it is because I bought a pair of binoculars.