Taking on an Online Extortionist
An anonymous reader writes "When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of buisness. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.
I would think in the situation that the e-mail was ignored, it would enrage the extortionist into firing a warning shot, one that would for SURE get the guy's attention. In fact, from the article, it looks like that is sort of what happened. He didn't respond, just first sought consultation and alerted his ISP. Then the extortionist sent a second threat, but not until he had crashed a few ISP servers to get some attention.
This is where R'ingTFA comes in...
If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.
Again, this is where R'ingTFA comes in. I'd also add that one downside of moving your business to an unregulated third world country is that neither the local journalists nor the local cops are especially interested in your gringo problems. I don't understand why Scotland Yard bothered with him.
>> and everyone else at the company carry Glock 19's?
Please excuse my asking, oh well-armed-one, but WTF for?
The glock is a fine weapon, and being an admin for an ISP is a fine job, but I can't quite see the relationship between the two things...
http://request-header.info
I don't know... I found the last paragraph grated against his super-hero image:
That's right. Lyon is one of the good guys. Still, Lyon's heroics weren't possible without Mickey Richardson's resolve. It's easy to forget that as Lyon worked to save him, Richardson considered paying off the extortionists. Now Richardson has a better option. Pay Lyon $50,000 a year and he's protected. He doesn't have to worry about paying extortionist's protection fees.
I've always found there to be a rather fine line between insurance and extortion. If the story is true, he probably is one of the good guys, but he's merely tapped into the revenue stream the extortionists created.
A steaming cup of soykaf would be real wiz right now.
From a purely economic standpoint, it makes me wonder who's the real "extortionist"...
Have fun: Join D.N.A. (National Dyslexics Association)
So that's what someone's life is worth now? A "few hundred thousand dollars"?
In Texas there is no lower limit. You can shoot someone in the back who is running away from you and is no longer on your property, as long as they stole from you and you can expect that you won't see it again if they make off with it and you would be at risk if you caught them. That's pretty much a blank check to shoot a robber in the back.
The very idea of killing someone over something so trivial as a router makes me sick.
I'm a raving liberal when it comes to most things, but I seem to be on the rabid conservative side for this one issue. Why is their right to steal from me greater than my right to stop them? I have the right to be secure in my person and property. They do not have the right to be secure in my property, only their own.
Using deadly force to stop a felony seems quite reasonable. Using deadly force to stop a car chase seems quite reasonable. Deadly force should be used to stop crimes in progress and to stop those after crimes are committed if failure to do so would result in them getting away. If you don't like it, quit committing felonies.
Learn to love Alaska
Along with IPS in general, I think a lot of the devices out there have some pretty good rate-limiting and SYN flood mitigation, however, they all seemed to miscalculate the sheer amount of processing power it takes to do deep packet inspections and protocol verification. Prolexic's network is currently representing about 10 Terahertz of processing ability just for the DPI, so hoping a single FPGA based hardware device will do the trick may be a bad idea. Also, most devices can not handle out-of-state TCP based attacks (see: Riverhead), so keep your eyes out on that too.
Prolexic often gets new customers when the TopLayer, Tipping Point, and Riverhead gear fails, so I don't see how anyone could be comfortable with just a single unit to save the day when there are people out there that will take down DNS servers, router serial interfaces, carriers, do long lived TCP sessions to slow down web servers, HTTP connection floods, and anything else they can think of to just hurt the network (75k machines all doing random searche quries on a cgi, etc.)
Further, a box does not have much of a turn-around time, so just call Tipping Point at 2 AM on sunday when the network failed and nobody has any clue with what is going on. Then wait for their one good programmer to fix the FPGA issue and a week later cross their fingers that whatever they did can stop the botnet that is causing someone's business to fail.
I may just be a little beat up from all the traffic we deal with, but it's a little isane to say things like, "we have box X, its magic will fix everything."
-Barrett