Taking on an Online Extortionist
An anonymous reader writes "When an online extortionist comes a-knocking, threatening a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of business. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
"We will fight them in the CAT5, on the routers, in the packets. We will never surrender"
:)
Or however he said it
I enjoy large posteriors and I cannot prevaricate.
Don't respond. They'll think you didn't see their email.
Very long but very interesting. Glad to see they caught some of them. They mentioned a hacked icq account.. That just seemed odd to me since ICQ accounts are free.. Anyone know what they were talking about?
There exists some positive integer N that you are the Nth person to read this signature.
"They threw everything they had at us. I was just in shock."
I guess that includes getting a mention on Slashdot?
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
Seems kinda brutal to hit them with another DDOS.
Slashdot's name? When my compiler sees
Or maybe it was planned this way. Nothing says offline like a link from slashdot.
It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.
John
Presumably, they will give you some way to pay them (else what is the point?). Point the cops and or feds at that contact, and see what happens.
Extortion is extortion, be it physical or bandwidth.
If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.
Mirror here.
First time those 2 go hand in hand....
Any guest worker system is indistinguishable from indentured servitude.
Is anyone else revelling in the hilarious irony that the site about surviving a DDoS attack has been Slashdotted? Or is that just me?
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.
Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/. We had someone start a Smurf attack from the Con, targeting our inbound T3s. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think; he only spoke German, IIRC). The look on his face was priceless. Oh, did I mention that I, and everyone else at the company, carry Glock 19s? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)
What I don't understand about the Roland Piquepaille thing is why anything he does is bad! He says "come look at my site!" instead of directing people elsewhere, even though his blog's content isn't all that spectacular.
How is that different from the entire rest of the internet? An awful lot of blogs link news stories with a bit of commentary and want people to read them. Slashdot submitters are free to submit their own sites. The problem is with slashdot editors accepting fairly dumb submissions. That seems to be the problem. Not that Roland Piquepaille is acting scandalously.
xkcd.com - a webcomic of mathematics, love, and language.
An online wallet inspector demanded I send him my billfold posthaste. I never got it back. Be forewarned.
Find out where they live and call their mom.
"Never... have so few... been pinged so much, by so many, zombified by so few..."
I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally.
But how does slashdot itself cope with the high traffic?
So much for the article.
Extorting a gambling site? That strikes me as a LLM (life limiting move, c.f. career limiting move).
Many gambling sites still have connections to, shall we say, respectable businessmen of the Italian or Asian persuasion, who are used to handling such matters extra-legally.
You might just wake up one day with your computer's monitor (cables severed with an ax) in bed with you.
Or Guido and Nunzio standing over you, giving you tips on the finer points of extortion while they wait for the concrete to set.
www.eFax.com are spammers
welcome our Windows zombie machines overlords. (food for thought).
Some ISPs are doing customer-level ingress filtering -- e.g. if the "other end" of the cable modem gets a packet whose src address is not that of the cable modem, drop it on the floor, it's forged.
The ease of infecting home XP systems remotely means you sometimes find teenagers with tens of thousands of zombie computers at their control. They can sell them to spammers, too.
The ease of doing massive DDoS attacks is why I stopped running an IRC server, and also stopped a research project I was doing related to inter-protocol messaging. It wasn't worth the hassle.
Fighting back is hard if you don't know who to fight, but in the case of extortion, (1) document everything on paper, (2) keep timestamped printed IRC logs of all conversations, and full email printouts; (3) ask some other people to print copies of their IRC logs when appropriate. Then contact the RCMP (or if you are in the USA, the FBI, but in the USA you need to show financial damage of $5,000 or more). Don't wait until it's all over before contacting them.
Good luck!
Liam
Live barefoot!
free engravings/woodcuts
I don't know why. I have been reading everything wrong lately.
Here are the federal extortion laws. Wouldn't the FBI get involved if there is proof of extortion? Can't the attackers be caught easily when trying to cash in?
I wonder if some sort of class-action suit wouldn't be appropriate against the vendors of software which allows computers to become zombies?
...today the hosts of Slashdot.org, an everything geek website, was accused of causing a DDoS on an online magazine's website. It seems that for several hours the site was unavailable as a result. Site owners of Slashdot.org refused to comment as the zombies they were using had no choice but to hit the link to the downed web site time and again.
More like gambling on putting your PC on the internet. Will it become a zombie or not?
Just hazarding a guess, extortionists favor Windows over other leading brand operating systems. Some sales pitch...
A feeling of having made the same mistake before: Deja Foobar
"How CSO Online took on Slashdot... and LOST."
I'm glad that somebody's standing up to the jerk though... people who do stuff like that are wasting perfectly good matter.
Windows isn't the answer... it's the question. NO is the answer!
The thing with these DoS extortionists is that unlike the mafia or other groups they do not protect you from other extortionists. If you pay them they can stop their attack, but if someone else tries to attack you they cannot do anything.
mirrordot is hosted at puregig internet, the same puregig internet referenced in the article. pg is also home to easynews
pg is an awesome provider. super fat pipes, excellent uptime, and *very* smart people. they're my uplink for home. sure, they're not the cheapest hosting or service provider out there, but they are completely worth it
vodka, straight up, thank you!
I think the fuss was that he allegedly pasted in 90% of an article on his site (but including a link to the original somewhere on his page), made one or two not-so-insightful comments and submitted his page to /. instead of the link he researched his story from.
When the slashdotting began, he made a lot off all the ads on his site.
People were cross that they were pointed to a 'version' of the story when they could have been pointed to the actual story itself, and that someone was profiting off that style of journalism (rightly or wrongly).
Am I the only one who was sitting on the edge of my seat while reading the battlefield analogy? This is unexplored movie territory with some great potential. "Behind CAT5 Lines"
This is an appeal to network admins working at ISPs, whether large or small. You have a responsibility to make sure that spam/attack zombies don't exist on your networks. These days it's a trivial task to check to make sure you're not part of the problem. This can be scripted so that you receive periodic reports of problem hosts on your system, which you can then firewall, disconnect, or restrict access to.
There are so many blacklists these days, so just use rsync to grab fresh copies of AHBL, CBL, DSBL, SORBS, whatever. Then run through grepcidr to see if any IPs from your network(s) are on the blacklists. So easy, and you'll be protecting both yourself and others from malicious zombies.
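Since two posts in this thread describe ISP-side hygiene in words only (the customer-edge ingress filter a few posts up, and the rsync-the-blacklists-then-grepcidr routine just above), here is an added example of both checks in Python. It is not code from the thread, from any poster, or from the article; every prefix, list entry and packet in it is constructed for the demo, and in real use the list text would come from the rsync'd dump files rather than a string.

```python
"""Added example (not from the thread): the grepcidr-style cross-reference of
a blacklist dump against your own prefixes, plus the per-customer ingress
(BCP 38) check. All prefixes, list lines and packets are constructed."""
import ipaddress
from typing import Iterable, List, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Hypothetical prefixes "our" ISP announces (constructed for the demo).
OUR_PREFIXES = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.0/25")]

# Constructed dump in the one-entry-per-line style of CBL/SORBS exports.
# Single addresses and CIDR ranges both occur; '#' starts a comment.
SAMPLE_BLACKLIST = """\
# constructed sample, not a real list export
198.51.100.17
192.0.2.44
203.0.113.64/26
198.51.100.0/24   # whole prefix listed by a policy list
2001:db8::1
not-an-address
"""


def parse_blacklist(text: str) -> List[IPNetwork]:
    """Turn a list dump into network objects; malformed lines are skipped, not fatal,
    so one junk line in a big export does not kill the nightly report."""
    nets: List[IPNetwork] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


def listed_in_our_space(blacklist: Iterable[IPNetwork],
                        ours: Iterable[IPNetwork]) -> List[str]:
    """Entries that fall inside one of our prefixes, or that cover one of them
    (a list naming a whole /24 of yours is the worse finding, so report it too)."""
    hits: List[str] = []
    for net in blacklist:
        for prefix in ours:
            if net.version != prefix.version:
                continue  # subnet_of() raises on mixed v4/v6, so skip explicitly
            if net.subnet_of(prefix) or prefix.subnet_of(net):
                hits.append(str(net))
                break
    return hits


def ingress_filter(packets: Iterable[Tuple[str, str]],
                   customer_prefix: str) -> List[Tuple[str, str, str]]:
    """BCP 38 at the customer edge: a packet arriving on a customer port must
    carry a source address from that customer's assigned block; anything else
    is forged and is dropped before it can join a spoofed flood."""
    allowed = ipaddress.ip_network(customer_prefix)
    verdicts: List[Tuple[str, str, str]] = []
    for src, dst in packets:
        ok = ipaddress.ip_address(src) in allowed  # False for a v6 src on a v4 block
        verdicts.append((src, dst, "accept" if ok else "drop-spoofed"))
    return verdicts


if __name__ == "__main__":
    for hit in listed_in_our_space(parse_blacklist(SAMPLE_BLACKLIST), OUR_PREFIXES):
        print("listed:", hit)
    # Constructed packets seen on the port of a customer holding 198.51.100.16/29.
    sample = [("198.51.100.17", "192.0.2.10"), ("10.0.0.5", "192.0.2.10"),
              ("203.0.113.9", "192.0.2.10")]
    for src, dst, verdict in ingress_filter(sample, "198.51.100.16/29"):
        print(f"{src} -> {dst}: {verdict}")
```

Run nightly against the fresh dumps and pipe the "listed:" lines into whatever opens tickets for the abuse desk; the covering-prefix case is reported separately because it usually means a policy listing rather than one infected box.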
Okay, I first read that as "Online Exorcist." I'm thinking, how does THAT work? TO: Satan@littlegirlshead.com
From: Father Mayai (Yes, you may!)
Subject: Notice of Eviction
As disgusting as it is to hear about "online extortionists", I prefer them to the RL extortionists. The former might direct an army of zombies at your servers and DDoS the hell out of them. But the latter direct a gang of hoodlums at you to make your knees deny their service.
Too bad that we now have both and that the online guys aren't replacing the rl ones.
It's like a battlefield out there! It seems like these extortionists had it (have it?) pretty easy, preying on companies who might not be able to defend themselves or afford the people who could help them...
http://tech-hawg.blogspot.com
But like I said, he's cleaned up his act in recent months, so I no longer have a beef with him. Some folks, on the other hand, still hold this against him--which isn't an entirely unreasonable position to take.
Obliteracy: Words with explosions
... Since one can always submit some bogus article to /. and have a true fully distributed attack without any fear of consequences for yourself. :)
Dane-geld
:)
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:--
"We invaded you last night--we are quite prepared to fight,
Unless you pay us cash to go away."
And that is called asking for Dane-geld,
And the people who ask it explain
That you've only to pay 'em the Dane-geld
And then you'll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:--
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:--
"We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!"
- Rudyard Kipling
Anyone willing to try their hand at "updating" this to fit online extortion? This could be lots of fun
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Including, apparently, a good slashdotting.
How a Bookmaker and a Whiz Kid Took On an Extortionist -- and Won
Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.
CSO Magazine, May 2005
By Scott Berinato
Saturday, Nov. 22, 2003, 7:57 a.m.
Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans (and others around the world) without concern for U.S. bookmaking laws. Richardson received the e-mail just as he and his competitors were preparing for the year's busiest wagering season. With pro and college football, pro and college basketball and other sports in full swing, and with Thanksgiving and Christmas about to create plenty of free time, BetCris and the others stood to rake in millions over the holidays. Richardson was even planning an advertising blitz for the season to drive new traffic to his site.
If BetCris went down, he knew his customers would find another online bookie, "which will cost you tens of thousands of dollars in lost wagers and customers," the extortionists reminded him.
Despite all that, the e-mail didn't have the fearsome effect on Richardson that the extortionists hoped it would. He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
As a precaution, Richardson alerted his ISP, but essentially, he says, "We kind of fluffed it off." The veteran bookmaker didn't panic because, in fact, he had dealt with online extortionists before. Two years earlier, hackers crashed BetCris.com with a denial-of-service (DoS) attack, and then demanded by e-mail a $500 protection fee in eGold (an online form of trading bullion). Richardson paid without a second thought. Compared to downtime, $500 was trivial.
That first attack got his attention, though. Richardson consulted another industry veteran who confessed to having a similar problem, and who told Richardson to call a consultant named Barrett Lyon in Sacramento, Calif. Lyon didn't come to BetCris's offices--he had no interest in baby-sitting infrastructure in Costa Rica--but he did recommend some off-the-shelf products that had recently been developed specifically to fight DoS attacks. Lyon thought (actually he hoped) that he'd never hear from them again. Richardson and Lebumfacil were confident they had protected themselves.
When the attack finally came on that Saturday in November, sometime after that first e-mail but before 11:30 a.m., BetCris crashed hard. The off-the-shelf products Lyon had recommended survived less than 10 minutes. BetCris's ISP crashed, and then the ISP for BetCris's ISP crashed. Richardson ran to the IT department, where Lebumfacil was watching the biggest DoS attack he'd ever seen. He remembers feeling sick to his stomach.
At 1:03 p.m., another e-mail arrived. "I guess you have decided to fight instead of making a deal. We thought you were smart.... You have 1 hour to make a deal today or it will cost you $50K to make a deal on Sunday." Then they knocked BetCris.com offline again.
The Extortion Problem
We know this about online extortion: It happens. Evidence of its prevalence or damage is speculative and anecdotal but useful nonetheless in guiding CSOs to understand the nature of the crime. Anecdotally, experts from law enforcement and information security consultants believe that perhaps one in 10 companies has been threatene
Hey, leave me out of this! I can't even get my own articles accepted.
Dewey, what part of this looks like authorities should be involved?
Just tell a company that if they don't pay you, you'll have their site Slashdotted!
Works for every other damn site.
GET FREE APPLE STUFF!
I wonder, if something like this happened, if an offshore company could cut a quick deal with an American company to steer some traffic to an American server to get the FBI involved. I don't know what the legal ramifications would be since it's an offshore gambling site and all. ... damn, their server is running slow. Maybe it's being DDoSed. Not enough posts yet to be slashdotted.
___
It's the end of my comment as I know it and I feel fine.
And Rudyard Kipling wrote about it best.
I, for one, welcome our new Antichrist overlord.
We need to mirror them as well, they just got slashdotted. (oops..)
:)
I thought that was the point of having mirrordot
This is the most epic and action-packed article I have ever read.
www.gaian-mind.org - eco-punk/crust coop and collective | www.anarchistfederation.org - so cal anarchist federation
Makes you look less geeky.
I'm not tense. I'm just terribly, terribly, alert.
Is it just me, or is the author none-too-subtly suggesting at the end of what seems a pretty flattering article that the one who engineered the defence is in collusion with the extortionists, and that paying him for help is essentially paying a protection fee? The turnabout in tone is so abrupt it seems like the last few paragraphs were written by a different person.
The only thing I'm reminded of is the telling of a guy who sought palindrome ICQ account numbers with email addresses from XS4ALL assigned to them, of which the email accounts had expired. Apparently he found a few, and through XS4ALL, he would re-create these expired email accounts, then have the old password sent to him. A weird collectible, and probably not the story you were looking for. :-)
Take off every 'ZIG' !!
God knows your /. ID is low enough that it might be true.
Watch it with the age slurs there, sonny. That could get ... dangerous. :)
I especially liked the ending. Finally a legal criminal that really delivers :P
Don't bother - it summarizes Shining Hero Californian defeats Evil Russian DDOS attacker. By the time I had finished reading the article, all my 'this is all complete BS and astroturf' posts were ignored.... Sure, this is impressive. Sure, it's nice that he might have done these things. However, this is more an epic story / advertisement than actual information or news.... This looks like a bunch of unbacked and unsupportable drivel to me. Who on earth bothers hacking an ICQ account? These vicious scary uber-powerful Russians with 10,000 + computers at their fingertips that can knock out even online gambling sites... Pay this man, and he will not only make them go away, but have them arrested in their dark, shabby apartments in the middle of freezing St. Petersburg.
My little site.
It just occurred to me that when one company pays, that just provides additional resources to the extortionists. Could that be considered a crime? Providing financial support to a criminal enterprise or some such? If a competitor has paid and then they come for you, can you sue your competitor? I know, I know, nobody tells when they pay, but in principle could it be treated this way?
did anyone else notice that this is a november 2003 article?
That's not always possible when Slashdot has linked to something, as in this case. Still looking for a mirror to RTFA. :(
Starting Feb 2004, my site was hit by a powerful DDoS attack. It knocked out my web server and it nearly took out my web host's switch in the data center. I never got any demands or letters or figured out who caused it.
Anonymizer.net tried to help me by putting my domain behind a series of rotating proxy servers. Their whole network crashed after 6 hours and they had to stop helping me.
Finally my web host hit on the right idea. I set up a half dozen virtual private servers (VPS) at Globalservers.com (same company that hosts about.com and freeservers) and my host installed a proxy server on each one called twhttpd and set them all to route traffic to and from my web server at his data center.
Then I set up an account at ZoneEdit and added all the IPs for the proxy servers with a failover system. Every time the bastards knocked out one of the proxy servers, ZoneEdit would detect that the server was borked and switch to another one. With the load reduced, the dead proxy came back on its own a few minutes later.
After about 6 months of this, they finally gave up and I won.
Only on
mirrordot opened just fine when I checked it.
I personally hate his site because it is 100% fucking bullshit. Lot of hype on /. submissions. If you then proceed to read the crap he has copy&pasted from somewhere else, you find it isn't actually anything interesting.
I'd prefer to have him taken behind the sauna and have a blast at his face with shotgun.
Bot Assisted Blogging
The lesson is also that if you pay, they'll know you'll pay more.
There's a point where they keep coming back with higher numbers. If you look, they only guaranteed the protection for a year.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
I can't read the story, but a lot of comments suggest contacting the FBI
stoopid question but:
what law did they break?
if they used their own bandwidth, then they just sent packets to your public website, right?
This is kind of like some spammer emailing me saying "i currently spam you lots and lots and lots, if you give me *money* i'll stop spamming". Ironically, this is just one more piece of spam in my inbox. Why would this spam be criminal, and the thousands of XXX VIAGRA CIALIS XXX be fine?
So,
I'm trying to read the article and that is giving me another "business idea".
"Give me $10 000 or I'll submit an article to Slashdot with a link to your web site".
Distributed Denial of Service!
The Internet is full. Go Away!!!
The whole name thing happens pretty often. It just made me think...what happened to the "New Here" guy? Is he still around? I know it got old after a while, but it seems like he just fell off the face of the earth.
Dang, the page is borked. How much does Slashdot charge to NOT put links out to?
Everything that bastard submits gets accepted! You could submit "How scientists cracked the light speed barrier" and get rejected and then he comes along behind you with "Anatomy of a cheez doodle" and gets accepted! God I hate him! Hate hate hate! Yup...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
--
Do I look like I speak for my employer?
What the matter? 3Gb are just around 350MB, I download that daily. Oh wait, you meant 3Gb per second?
As if technical incompetence wasn't bad enough. What's the next step? "Threatining" "buisnesses" with bad spelling all day?
Of course it runs NetBSD. BTC: 1NT7QvbetmANwaMzhpVL6
as in really old news, as in last year old news. I wish I had the /. link.
I mod down so you can mod up. You're welcome.
Page is unavailable already.
RHCE; are you certified? Karma: ambiguous.
Over 200 comments and only a handful seem to suggest that Windows insecurities play a big role in these incidents? I'd love to see some numbers from Prolexic about how many of the zombies they've discovered are unpatched Windows boxes sitting on cable modems and DSL lines. To be fair, yes, it may very well include some buggy Linux boxes also. We all know which OS is really targeted the most, though.
When are governments going to step in and start placing reasonable requirements for software security? When are they going to start punishing the companies that ship the buggy software that is entirely responsible for the existence of the online extortionist industry?
Fix bugs, no zombies.
No zombies, no botnet.
No botnet, no DDoS.
No DDoS, no extortion.
Pretty neat post.
What's really strange is that when I first looked at your post, it was modded up to +5. Now it's only +3, with some "overrated" and "flamebait" attributes.
It sure seems like someone with mod points took issue with what you said, even though I do not consider your post to be flamebait in the least.
They're probably thinking they're getting DDoS'd. I wonder if anyone warned them about getting /.'d
providing they leave his very important and highly secure network alone (oh, its address? 127.0.0.1)
And that's why firecrackers and kittens don't mix.
The parent is not a mirror, it's just a link to somebody's cute version of Google...
How about if the extortion proceeds were being used to fund insurgent activities in Iraq, or some other form of terrorism. Suddenly the FBI and the CIA would care very much. Now, I can't say that such a thing is happening, but I can't say it isn't, either. Maybe that money is going to buying fast cars, booze, and 133t hardware, but just maybe it's going somewhere else...
The "War on Terror" causes us enough grief and annoyance, maybe it could do something we like, too.
The living have better things to do than to continue hating the dead.
I'll do it
/goes behind the barn
*BLAM!*
Where does the school board find them and why do they keep sending them to ME?
...is submitting a story to /. the last revenge of the DDOS extortioner?
All's true that is mistrusted
From the album "Powerslave", c. 1984
Steve Harris
There goes the siren that warns of the air raid
Then comes the sound of the guns sending flak
Out for the scramble we've got to get airborne
Got to get up for the coming attack.
Jump in the cockpit and start up the engines
Remove all the wheelblocks there's no time to waste
Gathering speed as we head down the runway
Gotta get airborne before it's too late.
Running, scrambling, flying
Rolling, turning, diving, going in again
Run, live to fly, fly to live, do or die
Run, live to fly, fly to live. Aces high.
Move in to fire at the mainstream of bombers
Let off a sharp burst and then turn away
Roll over, spin round and come in behind them
Move to their blindsides and firing again.
Bandits at 8 O'clock move in behind us
Ten ME-109's out of the sun
Ascending and turning our spitfires to face them
Heading straight for them I press down my guns
Rolling, turning, diving
Rolling, turning, diving, going in again
Run, live to fly, fly to live, do or die
Run, live to fly, fly to live, Aces high.
Xenon, where's my money? -Borno
and a Whiz Kid Took On an Extortionist - and Won
Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.
By Scott Berinato
Saturday, Nov. 22, 2003, 7:57 a.m.
Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans (and others around the world) without concern for U.S. bookmaking laws. Richardson received the e-mail just as he and his competitors were preparing for the year's busiest wagering season. With pro and college football, pro and college basketball and other sports in full swing, and with Thanksgiving and Christmas about to create plenty of free time, BetCris and the others stood to rake in millions over the holidays. Richardson was even planning an advertising blitz for the season to drive new traffic to his site.
If BetCris went down, he knew his customers would find another online bookie, "which will cost you tens of thousands of dollars in lost wagers and customers," the extortionists reminded him.
Despite all that, the e-mail didn't have the fearsome effect on Richardson that the extortionists hoped it would. He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said - God, in hindsight, what an idiot - I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
As a precaution, Richardson alerted his ISP, but essentially, he says, "We kind of fluffed it off." The veteran bookmaker didn't panic because, in fact, he had dealt with online extortionists before. Two years earlier, hackers crashed BetCris.com with a denial-of-service (DoS) attack, and then demanded by e-mail a $500 protection fee in eGold (an online form of trading bullion). Richardson paid without a second thought. Compared to downtime, $500 was trivial.
That first attack got his attention, though. Richardson consulted another industry veteran who confessed to having a similar problem, and who told Richardson to call a consultant named Barrett Lyon in Sacramento, Calif. Lyon didn't come to BetCris's offices - he had no interest in baby-sitting infrastructure in Costa Rica - but he did recommend some off-the-shelf products that had recently been developed specifically to fight DoS attacks. Lyon thought (actually he hoped) that he'd never hear from them again. Richardson and Lebumfacil were confident they had protected themselves.
When the attack finally came on that Saturday in November, sometime after that first e-mail but before 11:30 a.m., BetCris crashed hard. The off-the-shelf products Lyon had recommended survived less than 10 minutes. BetCris's ISP crashed, and then the ISP for BetCris's ISP crashed. Richardson ran to the IT department, where Lebumfacil was watching the biggest DoS attack he'd ever seen. He remembers feeling sick to his stomach.
At 1:03 p.m., another e-mail arrived. "I guess you have decided to fight instead of making a deal. We thought you were smart.... You have 1 hour to make a deal today or it will cost you $50K to make a deal on Sunday." Then they knocked BetCris.com offline again.
The Extortion Problem
We know this about online extortion: It happens. Evidence of its prevalence or damage is speculative and anecdotal but useful nonetheless in guiding CSOs to understand the nature of the crime. Anecdotally, experts from law enforcement and information security consultants believe that
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
... or does this sound like an opening line for a soft-core porn flick?
"Lyon was 23 and looked at least that young. His blond hair offset a tan, handsome face. Allec says Lyon looked like he had given up a day of surfing to swing by and help out."
8==8 Bones 8==8
Oh the irony, Slashdot has now DDoSed CSO Magazine.
Movie News - "Entertainment news, bitch!"
Get out of my head, Bouncey Knolls!
Chernobyl 'not a wildlife haven' - BBC News
What guarantee do you have that they get the right guy?
What about these enforces making the threats, to get the payoff?
Every summer in North America there are some people starting wildfires in order to get a job fighting wildfires.
I'll stick to legal methods, it is less likely to be corrupt in my opinion.
If you're a libertarian...
Ben Hocking
Need a professional organizer?
"We will fight them, sir, until hell freezes over. And then, sir, we will fight them on the ice."
Work is punishment for failing to procrastinate effectively.
I'm just curious if anyone has any stats on how common *nix zombies are. My perception is that it's only Windows boxes.
If that is true this isn't something that should be dealt with at the gaming site. The real solution would of course be filtering at the ISP level to stop spoofed IPs and better security in Windows.
HTTP/1.1 400
When you can just /. them?
What would happen if he had changed the DNS of his website to, I dunno, say the IP address of fbi.gov? The criminals would then be DoSing fbi.gov and the FBI would immediately notice. If it wasn't a DNS-based attack, it should be relatively easy to route all incoming traffic to another IP address.
I wonder if the guy that was originally being DoSed would get in trouble for it.
Why read the article when I can just make up a snap judgement?
I'm the head network engineer at an ISP.
2 years ago one of our customers received a DDoS email and he called me and asked me what he should do.
I told him to ignore it and honestly I found it quite amusing, thinking it was script kiddies.
I wasn't laughing 24 hrs later as they completely saturated our pipes and our border routers (7206 VXRs at the time) were locked at 100% CPU.
I've taken serious steps since then to be ready. It wasn't a pleasant experience though and happened right in the middle of a business day.
"I have a vision: a zombie on every desk, and in every home"
... or "I'd Rather Have a Bottle in Front of Me" by Dr. Randy Hazlick. Just to track it further, Hanzlick has admitted to having acquired the line from bathroom wall graffiti at a hospital he was working at. The original quote was "I'd rather have a free bottle in front of me than a pre-frontal lobotomy." which carries some fun wordplay as well.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Ask them where to send the cash. Even if they give a PO box, send your high-scale accountant BUBBA to wait by the PO box. Have Bubba follow the guy to his headquarters. Then have Bubba politely do a manual denial of service attack on him.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Because you're going to help us, Mr. Anderson. Whether you like it... or not.
Weaselmancer
Ridiculous.
This was a tie, at best. It still cost you time and money so you still came out a loser on that score; you just didn't lose as much, perhaps. As it stands now, they can attack someone else with impunity, and probably have. It's only a win if they are identified, prosecuted, and their zombies shut down. Everyone has to start thinking that way. It's only a win when they actually lose something, their anonymity, a few years of freedom and or money in fines, and their zombie network.
I have no need for such a program.
--grendel drago
Laws do not persuade just because they threaten. --Seneca
From a purely economic standpoint, it makes me wonder who's the real "extortionist"...
Have fun: Join D.N.A. (National Dyslexics Association)
I would be much less intimidated by an online contortionist. That's for sure.
"Pay up or I'll bend over backwards"!
The Internet is full. Go Away!!!
How ironic that a story about fighting DDoS attacks can't be read due to the Slashdot effect.
Even though casinos are always smothering my blog with blog spam making it useless, I would never stoop so low as to DDOS one in revenge. 0:-)
(can't believe I didn't think of the extortion thing)
On September 11, 2001, most of the news web servers were screaming under the load. If I recall correctly, Slashdot was one of the few servers that could withstand the constant pounding and people were using it as a main source of up-to-the-minute information. (Slashback: http://slashdot.org/article.pl?sid=01/09/11/1314258&tid=103)
I think even Fark was hit by a lot of time-outs for a while.
Cave, wreck, and deep diver.
They wanted me gone and I'm still here despite all they could do. I consider that a win.
Only on
I just use the new Browning Automatic Router (BAR). When it detects these kind of attacks it sends out a series of 9mm packets at a high rate to the servers that are attacking. When the servers are destroyed, hopefully the admins will secure the new ones better. This is much better (and cheaper) for those who have been hacked than blacklist. They learn something for only the cost of replacement.
All Windows problems are hardware problems. Don't load it on hardware, no problems.
I suppose someone called them and said "Pay us 1.5 million dollars immediately or else we'll submit this story to Slashdot and your site will be DDoSed for the next 24 to 48 hours!" ...I guess they didn't pay up. :)
[an error occured while processing this directive]
They added a mirror for CSO online. Browse to the following URL and it all starts magically working.
www.csoonline.prolexic.com
He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
Is this guy's last name really 'The Easy Bum'? Wow, lol.
Tell him to drop it, and if he resists, shoot the little bastard.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Damnit, I just ran out of mod points. Otherwise you would have earned some right there. Very nicely done !
--LordPixie
Well, he doesn't seem to have a sufficient grasp of the English language to use capitalization correctly. What's more, he was too cowardly to sign his name and take credit for going against the status quo.
Sooo...the odds are pretty good ?
--LordPixie
p.s. I'm being facetious !
http://csoonline.prolexic.com/read/050105/extortion.html
..mentioning coral as a way of reducing the /. effect is an excellent idea.
Thanks.
Even better idea - can't you copy off your main page, and redirect your main page's URL to a coralized link?
You forgot terrorists and IP thieves.
the layman's guide to computer science
Well, in this case, RTFA'ing is kinda hard, but in this particular instance that doesn't stop you from concluding that the article is indeed bullshit (if it wasn't bullshit, you'd be able to read it... think about it...ha!)
> The sad thing is that I remember that speech entirely because it's used as an intro to the Iron Maiden song, "Aces High."
Same here. I had the cassette...
- Mike T.
The broom being useful to sweep away all the Trojans that said hookers and Johns left on your upstanding company's parking lot...
I agree. It's like getting cancer. If it doesn't kill you that's a win.
Even if cancer still exists.
"Clothes make the man. Naked people have little or no influence on society." - Mark Twain
If 'the people' in Amendment 2 are 'the state' then Amendments 1, 2, 4, 9, and 10 benefit the state, not you.
The hostess raised her eyebrows and curtly responded, "Mr. Churchill, in this country we ask for white meat or dark meat."
"My apologies, Madam, I was not aware of your customs."
The following day, a thank you gift was delivered to the party's hostess with a large orchid. The following was written on the note: "I would be obliged if you would pin this on your white meat."
Ok, you're the second person I've seen reply with their slashdot username...
New_Here was the other... it was a messed up kind of deja-vu
Gravity Sucks
"In Texas there is no lower limit. You can shoot someone in the back who is running away from you and is no longer on your property, as long as they stole from you and you can expect that you won't see it again if they make off with it and you would be at risk if you caught them. That's pretty much a blank check to shoot a robber in the back."
This is plain wrong. I lived in Texas and this is NOT legal. To have a justifiable shooting, the person must be in your house or attempting to break into your house while you are there. Just like other states, if you shoot someone in the back as they are trying to escape, you are breaking the law. It's the old "did you feel that your life was threatened?".
Now, having said that, I must state that there can be some loose interpretations of what constitutes "trying to break into your house". But on the whole, we aren't just a bunch of gun-toting people hunters down here. Despite what the press would have you believe, most of us in TX are just like you and me.
It's AMAZING, but you have to supply the electricity which will add up to a fair amount for a real pc vs. a little appliance thingy. Got a spare laptop with a borked screen or something? You could probably pick one up for a song at RePC or a similar outfit.
In the context of this article, the correct term is slashdos'ed
Thank you
No, I don't trust in god. He'll have to pay up front, like everybody else.
Yikes.... I'm a single cell in the womb if we're going by that analogy.
There is no difference. The extrapolation from actual voters to eligible electorate is perfectly valid, comforting as it may be for the losers to hope for there being some statistically significant "hidden reserves".
Especially this time around the voting crowd was quite diverse and the preelection vote-encouraging rhetoric more shrieking, with the "Choose or Lose" of the past replaced by the pompous "Vote or Die".
In Soviet Washington the swamp drains you.
It's a line from "The Life Aquatic with Steve Zissou."
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
... protecting against this nonsense could be sheeted back to the manufacturer of the insecure operating system on the 'bots, then he'd pretty quickly mend his insecure o/s. Technical problem solved. The real problem however is the absence of police and legal systems equipped with sufficient backbone to be able to adjudicate on and enforce a ruling against a huge international corporation.
Here at least, if a car pollutes too much or is a safety hazard it can't be driven. From the article, 20,000 zombies helped cause an attack that cost around the one million mark, or to be more specific, each of those zombies caused $50 worth of damage.
How much does a decent firewall cost?
Make getting online a right, but a right that has responsibilities (just as getting on the road does). You want to send traffic, fine. But if you are detected as a zombie you now have to 'for $50 about' prove that you have fixed the problem before you can get back online.
Reading this article only proves to me that just letting any old hunk of junk onto the internet superhighway is not a good idea.
Aside from that, your philosophy leaves a huge gaping hole in the murder laws. Suppose you want someone dead. You give them a nice gift. As they are walking away, you shoot them in the back of the head and kill them. You are arrested and claim they were running away with your property.
That is why the law doesn't work the way you claim. When someone claims self-defense, they are generally prosecuted anyway. In most states, if you claim self-defense the burden of proof is on you to prove that your life was in immediate danger (the prosecution only has to prove that you killed the person, which you will confess to in order to claim self-defense). If you fail to prove that your life was in danger, you will be convicted of murder.
>> I regularly had to chase crackheads, as well as hookers with their Johns off of our back steps.
Where I work we have security. They deal with unwelcome visitors... it's a job I'm happy to leave to the folks trained and paid for it.
If your company didn't hire janitorial staff, would you clean the toilets too? Seriously, if you're a qualified admin why would you do security work? If it's because you have some hollywood delusions about how sexy guns are, you really shouldn't carry one.
http://request-header.info
http://www.wisesnacks.com/products_doodles_story.html
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I believe if I had a business that lost a million dollars due to downtime and my network wiz tracked the guy's home address, I'd be on the next flight out with a good, strong baseball bat.
Egress filtering is easy, and should be mandatory. Dunno if ISPs are in the driver seat these days, but unless someone made arrangements to be a transit net with a 2nd ISP, I'd be pretty ticked to see inbound packets from a surprising CIDR range.
My own net (medium size community college) is filtered on the internal and border router. Belt and suspenders, you know?
In reality, this site is hosted on an Amiga.
;-)
Hey...That is obviously wrong, but it's an easy mistake to make. Not every Commodore is an Amiga.
I'm writing this on my Amiga, with Apache running comfortably on it, actually. It pumps out large files too (around 100 MB), with upstream bandwith the limiting factor to speed.
You've confused the Amiga with the Commodore 64, which actually does have a webserver: Contiki
Irene KHAAAAAAN!
If you read the article, you'd see that one of the tactics of DDoS-attackers is to attack a domain that is their own, but points to the victim.
So the FBI would have a hard time separating the DDoS-attackers from a victim that's silly enough to re-route to the FBI.
(And as others said: Re-routing or null-routing means that your site is down anyway, giving the DDoS'ers the victory.)
Irene KHAAAAAAN!
Please send me $50,000 or I will post an article on Slashdot with a link to your website, and it will will go down for the next week.
Randy.Flood@RHCE2B.COM
The way I read the article the guy worked his ass off to provide the service for which he was hired - network security consultant. I'd say his $50K fee wasn't all that much compared to the benefits of having a bulletproof setup for production servers.
Opening scene: clueless luser notices things going slow for a few seconds. "Oh", they say. Later we find out they've been zombified.
There's a major theme of ambiguity of identity and purpose, so the Lyon character needs a verbal mannerism like "Hmm, this is true" just to make you keep asking "but is it?". Also there's a lot of disembodied voices (the first half of the story is all non-meatspace) so there's a backing track of, say, some Mozart choral stuff. The coolness of that also emphasises the frenzy in the machine room.
You never actually see Ivan etc., just some TV news story about arrests in somewhere unpronounceable across the sitting room over supper.
The "Is he actually one of them?" question is an excellent last-scene twist leaving essential questions hanging in the air, like in The Sting.
Of course, you'd have to pretend it wasn't about real people etc...
What else?
http://anweald.co.uk
if you have a backup link, you can set up both links to filter routes from the other link. Traffic to ISP2 really ought to exit to ISP2.
And unless you are set up to be a transit net, you really ought to block outbound src != your addresses on both nets.
There are a lot of leaf node nets with more than one stem.
I agree the filter ought to be pushed as close to the host as possible. You need the host mac to track the spoofer down, for one thing. You lose that after hop > 0.
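The source-address and exit-link filtering these two comments describe, as an added example that is not code from any poster: a small Python model of a border filter for a hypothetical dual-homed leaf network. The prefixes, per-link routes and packets are all constructed sample data.

```python
"""Model of a BCP38-style border filter for a dual-homed leaf network.

Added example, not code from the thread. Rules modelled from the comments:
  - outbound: drop if the source is not one of our prefixes (spoofed/leaked);
  - outbound: drop if the destination is routed via the other upstream link;
  - inbound:  drop if the source claims one of our own prefixes (spoofed);
  - inbound:  drop if the destination is not ours (we are not a transit net).
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

Net = ipaddress.IPv4Network


def parse_prefixes(prefixes: Iterable[str]) -> List[Net]:
    return [ipaddress.ip_network(p) for p in prefixes]


# Constructed sample: prefixes this hypothetical network announces (RFC 5737 space).
OUR_PREFIXES = parse_prefixes(["198.51.100.0/24", "203.0.113.0/25"])

# Constructed sample: routes learned from each upstream link.
LINK_ROUTES: Dict[str, List[Net]] = {
    "isp1": parse_prefixes(["192.0.2.0/24"]),
    "isp2": parse_prefixes(["100.64.0.0/16"]),
}


def in_prefixes(addr: str, prefixes: Iterable[Net]) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


def border_filter(direction: str, src: str, dst: str, link: str = "isp1",
                  prefixes: Iterable[Net] = OUR_PREFIXES,
                  link_routes: Dict[str, List[Net]] = LINK_ROUTES) -> Tuple[str, str]:
    """Return (verdict, reason) for one packet seen at the border on `link`."""
    if direction == "out":
        if not in_prefixes(src, prefixes):
            return ("drop", "source not ours: spoofed or leaked")
        # Destinations learned from the other link must not exit here.
        for other, routes in link_routes.items():
            if other != link and in_prefixes(dst, routes):
                return ("drop", f"destination is routed via {other}, not {link}")
        return ("permit", "valid source, correct exit link")
    if direction == "in":
        if in_prefixes(src, prefixes):
            return ("drop", "our own prefix arriving from outside: spoofed")
        if not in_prefixes(dst, prefixes):
            return ("drop", "not addressed to us: no transit offered")
        return ("permit", "external source to one of our hosts")
    raise ValueError(f"unknown direction {direction!r}")


# Constructed sample packets: (direction, src, dst, link).
SAMPLE_PACKETS = [
    ("out", "198.51.100.7", "192.0.2.10", "isp1"),    # permit
    ("out", "10.0.0.5", "192.0.2.10", "isp1"),        # drop: forged source
    ("out", "198.51.100.7", "100.64.3.3", "isp1"),    # drop: belongs on isp2
    ("in", "198.51.100.9", "198.51.100.7", "isp1"),   # drop: our prefix from outside
    ("in", "192.0.2.10", "198.51.100.7", "isp1"),     # permit
    ("in", "192.0.2.10", "100.64.9.9", "isp1"),       # drop: attempted transit
]


def run_sample(packets=SAMPLE_PACKETS) -> Dict[str, int]:
    """Apply the filter to the sample packets and count verdicts."""
    counts = {"permit": 0, "drop": 0}
    for direction, src, dst, link in packets:
        verdict, _reason = border_filter(direction, src, dst, link)
        counts[verdict] += 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", border_filter(*pkt))
    print(run_sample())
```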
Well, then, no one should ever be arrested.
That argument doesn't fly. I'd agree that no one should be held indefinitely, but arresting someone is a reasonable action to prevent a crime that will not result in their death! What kind of analogy was that? Which legal system are you working under?
You are also saying that if I witness someone breaking into my house, grabbing my TV and running off with it, I'm not capable of determining whether they committed a crime. You are wrong on both counts. Try again.
Simply stating that I'm wrong in an insulting tone, and adding a condescending "try again", is not an argument.
The taking of another human life should not be taken so lightly that anyone that's had their $200 tv nicked should be able to do it.
If the thief comes in with a gun and you shoot him TO WOUND with that gun (or to kill ONLY if your life is at risk) I think that's totally acceptable. A person who has little choice but to die or fight back shouldn't be penalised for fighting back. A gun-toting redneck who wants to kill him a burglar is a danger to society and should be locked up. It's a fine line and a difficult thing to determine, hence the idea of a jury of peers (as imperfect as that is).
These posts express my own personal views, not those of my employer