Taking on an Online Extortionist
An anonymous reader writes "When an online extortionist comes a knocking, threatening a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of business. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"
"We will fight them in the CAT5, on the routers, in the packets. We will never surrender"
:)
Or however he said it
I enjoy large posteriors and I cannot prevaricate.
Don't respond. They'll think you didn't see their email.
Very long but very interesting. Glad to see they caught some of them. They mentioned a hacked icq account.. That just seemed odd to me since ICQ accounts are free.. Anyone know what they were talking about?
There exists some positive integer N that you are the Nth person to read this signature.
"They threw everything they had at us. I was just in shock."
I guess that includes getting a mention on Slashdot?
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
Seems kinda brutal to hit them with another DDOS.
Slashdot's name? When my compiler sees
Or maybe it was planned this way. Nothing says offline like a link from slashdot.
It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.
John
Presumably, they will give you some way to pay them (else what is the point?). Point the cops and or feds at that contact, and see what happens.
Extortion is extortion, be it physical or bandwidth.
If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.
Mirror here.
First time those 2 go hand in hand....
Any guest worker system is indistinguishable from indentured servitude.
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.
Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/. We had someone start a Smurf attack from the Con, targeting our inbound T3s. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think; he only spoke German, IIRC). The look on his face was priceless. Oh, did I mention that I, and everyone else at the company, carry Glock 19s? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)
An online wallet inspector demanded I send him my billfold posthaste. I never got it back. Be forewarned.
Find out where they live and call their mom.
I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally.
But how does slashdot itself cope with the high traffic?
Extorting a gambling site? That strikes me as a LLM (life limiting move, c.f. career limiting move).
Many gambling sites still have connections to, shall we say, respectable businessmen of the Italian or Asian persuasion, who are used to handling such matters extra-legally.
You might just wake up one day with your computer's monitor (cables severed with an ax) in bed with you.
Or Guido and Nunzio standing over you, giving you tips on the finer points of extortion while they wait for the concrete to set.
www.eFax.com are spammers
welcome our Windows zombie machines overlords. (food for thought).
Some ISPs are doing customer-level ingress filtering -- e.g. if the "other end" of the cable modem gets a packet whose src address is not that of the cable modem, drop it on the floor, it's forged.
The ease of infecting home XP systems remotely means you sometimes find teenagers with tens of thousands of zombie computers at their control. They can sell them to spammers, too.
The ease of doing massive DDoS attacks is why I stopped running an IRC server, and also stopped a research project I was doing related to inter-protocol messaging. It wasn't worth the hassle.
Fighting back is hard if you don't know who to fight, but in the case of extortion, (1) document everything on paper, (2) keep timestamped printed IRC logs of all conversations, and full email printouts; (3) ask some other people to print copies of their IRC logs when appropriate. Then contact the RCMP (or if you are in the USA, the FBI, but in the USA you need to show financial damage of $5,000 or more). Don't wait until it's all over before contacting them.
Good luck!
Liam
Live barefoot!
free engravings/woodcuts
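The customer-level ingress filter described in the comment above, written out as a small packet-filter decision so the edge cases are visible. This is an added example, not code from the thread or from any ISP; the port assignments and the sample packets are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample: the source prefixes each customer-facing port is
# allowed to originate. A cable-modem customer gets a single /32; a
# small-business port gets a /29.
PORT_ASSIGNMENTS = {
    "cm-port-17": ["203.0.113.17/32"],
    "biz-port-3": ["198.51.100.8/29"],
}


def ingress_verdict(port, src_ip, assignments=PORT_ASSIGNMENTS):
    """'accept' if src_ip is one this port may originate, otherwise 'drop'.
    A port with no assignment drops everything (fail closed)."""
    src = ipaddress.ip_address(src_ip)
    for prefix in assignments.get(port, []):
        if src in ipaddress.ip_network(prefix):
            return "accept"
    return "drop"


def filter_packets(packets, assignments=PORT_ASSIGNMENTS):
    """packets: iterable of (port, src_ip, dst_ip).
    Returns (accepted_packets, drops_per_port). The per-port drop count is
    the operational signal: a port emitting many forged sources is probably
    a compromised host that needs a phone call or a disconnect."""
    accepted = []
    drops = Counter()
    for port, src, dst in packets:
        if ingress_verdict(port, src, assignments) == "accept":
            accepted.append((port, src, dst))
        else:
            drops[port] += 1
    return accepted, dict(drops)


# Constructed sample traffic seen on the customer side of the access router.
SAMPLE_PACKETS = [
    ("cm-port-17", "203.0.113.17", "192.0.2.80"),    # genuine
    ("cm-port-17", "192.0.2.10", "192.0.2.80"),      # forged source
    ("cm-port-17", "198.51.100.9", "192.0.2.80"),    # forged: another customer's address
    ("biz-port-3", "198.51.100.12", "192.0.2.80"),   # inside the /29 (.8 to .15)
    ("biz-port-3", "198.51.100.16", "192.0.2.80"),   # one past the end of the /29
    ("unknown-port", "203.0.113.17", "192.0.2.80"),  # no assignment: fail closed
]

if __name__ == "__main__":
    ok, dropped = filter_packets(SAMPLE_PACKETS)
    print(f"{len(ok)} accepted, drops per port: {dropped}")
```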
"How CSO Online took on Slashdot... and LOST."
I'm glad that somebody's standing up to the jerk though... people who do stuff like that are wasting perfectly good matter.
Windows isn't the answer... it's the question. NO is the answer!
The thing with these DoS extortionists is that unlike the mafia or other groups they do not protect you from other extortionists. If you pay them they can stop their attack, but if someone else tries to attack you they cannot do anything.
Am I the only one who was sitting on the edge of my seat while reading the battlefield analogy? This is unexplored movie territory with some great potential. "Behind CAT5 Lines"
This is an appeal to network admins working at ISPs, whether large or small. You have a responsibility to make sure that spam/attack zombies don't exist on your networks. These days it's a trivial task to check to make sure you're not part of the problem. This can be scripted so that you receive periodic reports of problem hosts on your system, which you can then firewall, disconnect, or restrict access to.
There are so many blacklists these days, so just use rsync to grab fresh copies of AHBL, CBL, DSBL, SORBS, whatever. Then run through grepcidr to see if any IPs from your network(s) are on the blacklists. So easy, and you'll be protecting both yourself and others from malicious zombies.
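The check the comment above scripts with rsync and grepcidr, done in Python so it can run as a periodic job and produce the report it mentions. This is an added example, not code from the thread or from any of the named blacklists; the blacklist dumps and the ISP's prefixes are constructed sample data.

```python
import ipaddress

# Constructed sample: what rsync'd copies of a few DNSBL dumps might look
# like after trimming to one entry per line. Real feeds are far larger, and
# some publish CIDR blocks rather than single addresses.
BLACKLISTS = {
    "cbl": "203.0.113.7\n203.0.113.200\n198.51.100.45\n",
    "sorbs": "203.0.113.7\n192.0.2.0/24\n# comment line\n\n",
    "dsbl": "198.51.100.45\n10.9.8.7\n",
}

# Constructed sample: the address space this ISP announces.
OUR_PREFIXES = ["203.0.113.0/24", "198.51.100.0/26"]


def parse_entries(text):
    """Parse one blacklist dump into networks (a bare IP becomes a /32).
    Blank lines, comments and malformed entries are skipped, not fatal,
    so one bad line in a feed does not kill the nightly run."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


def find_listed_hosts(blacklists, our_prefixes):
    """Return {listed_network: [blacklist names]} for every entry that
    overlaps our prefixes. This is the grepcidr step of the comment's recipe."""
    ours = [ipaddress.ip_network(p) for p in our_prefixes]
    hits = {}
    for name, text in blacklists.items():
        for net in parse_entries(text):
            if any(net.overlaps(o) for o in ours):
                hits.setdefault(str(net), []).append(name)
    return hits


def report(hits):
    """One line per listed host, sorted by address, for the periodic mail."""
    lines = []
    for net in sorted(hits, key=lambda n: ipaddress.ip_network(n)):
        lines.append(f"{net}\tlisted on: {', '.join(sorted(hits[net]))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_listed_hosts(BLACKLISTS, OUR_PREFIXES)))
```

Hosts that show up in the report are the ones to firewall, disconnect or rate-limit until the customer cleans the machine.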
Okay, I first read that as "Online Exorcist." I'm thinking, how does THAT work? TO: Satan@littlegirlshead.com
From: Father Mayai (Yes, you may!)
Subject: Notice of Eviction
But like I said, he's cleaned up his act in recent months, so I no longer have a beef with him. Some folks, on the other hand, still hold this against him--which isn't an entirely unreasonable position to take.
Obliteracy: Words with explosions
Dane-geld
:)
(A.D. 980-1016)
IT IS always a temptation to an armed and agile nation,
To call upon a neighbour and to say:--
"We invaded you last night--we are quite prepared to fight,
Unless you pay us cash to go away."
And that is called asking for Dane-geld,
And the people who ask it explain
That you've only to pay 'em the Dane-geld
And then you'll get rid of the Dane!
It is always a temptation to a rich and lazy nation,
To puff and look important and to say:--
"Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away."
And that is called paying the Dane-geld;
But we've proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray,
So when you are requested to pay up or be molested,
You will find it better policy to say:--
"We never pay any one Dane-geld,
No matter how trifling the cost,
For the end of that game is oppression and shame,
And the nation that plays it is lost!"
- Rudyard Kipling
Anyone willing to try their hand at "updating" this to fit online extortion? This could be lots of fun
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Including, apparently, a good slashdotting.
How a Bookmaker and a Whiz Kid Took On an Extortionist -- and Won
Facing an online extortion threat, Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them. If you collect revenue online, you'd better read this.
Saturday, Nov. 22, 2003, 7:57 a.m.
Origins of an Onslaught
The e-mail began, "Your site is under attack," and it gave Mickey Richardson two choices: "You can send us $40K by Western Union [and] your site will be protected not just this weekend but for the next 12 months," or, "If you choose not to pay...you will be under attack each weekend for the next 20 weeks, or until you close your doors."
Richardson runs BetCris.com, an online wagering site, one of hundreds of sites ensconced in Costa Rica that take bets from Americans (and others around the world) without concern for U.S. bookmaking laws. Richardson received the e-mail just as he and his competitors were preparing for the year's busiest wagering season. With pro and college football, pro and college basketball and other sports in full swing, and with Thanksgiving and Christmas about to create plenty of free time, BetCris and the others stood to rake in millions over the holidays. Richardson was even planning an advertising blitz for the season to drive new traffic to his site.
If BetCris went down, he knew his customers would find another online bookie, "which will cost you tens of thousands of dollars in lost wagers and customers," the extortionists reminded him.
Despite all that, the e-mail didn't have the fearsome effect on Richardson that the extortionists hoped it would. He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
As a precaution, Richardson alerted his ISP, but essentially, he says, "We kind of fluffed it off." The veteran bookmaker didn't panic because, in fact, he had dealt with online extortionists before. Two years earlier, hackers crashed BetCris.com with a denial-of-service (DoS) attack, and then demanded by e-mail a $500 protection fee in eGold (an online form of trading bullion). Richardson paid without a second thought. Compared to downtime, $500 was trivial.
That first attack got his attention, though. Richardson consulted another industry veteran who confessed to having a similar problem, and who told Richardson to call a consultant named Barrett Lyon in Sacramento, Calif. Lyon didn't come to BetCris's offices--he had no interest in baby-sitting infrastructure in Costa Rica--but he did recommend some off-the-shelf products that had recently been developed specifically to fight DoS attacks. Lyon thought (actually he hoped) that he'd never hear from them again. Richardson and Lebumfacil were confident they had protected themselves.
When the attack finally came on that Saturday in November, sometime after that first e-mail but before 11:30 a.m., BetCris crashed hard. The off-the-shelf products Lyon had recommended survived less than 10 minutes. BetCris's ISP crashed, and then the ISP for BetCris's ISP crashed. Richardson ran to the IT department, where Lebumfacil was watching the biggest DoS attack he'd ever seen. He remembers feeling sick to his stomach.
At 1:03 p.m., another e-mail arrived. "I guess you have decided to fight instead of making a deal. We thought you were smart.... You have 1 hour to make a deal today or it will cost you $50K to make a deal on Sunday." Then they knocked BetCris.com offline again.
The Extortion Problem
We know this about online extortion: It happens. Evidence of its prevalence or damage is speculative and anecdotal but useful nonetheless in guiding CSOs to understand the nature of the crime. Anecdotally, experts from law enforcement and information security consultants believe that perhaps one in 10 companies has been threatene
Hey, leave me out of this! I can't even get my own articles accepted.
Dewey, what part of this looks like authorities should be involved?
How a Bookmaker and a Whiz Kid Took On an Extortionist -- and Won
CSO Magazine
May 2005
By Scott Berinato
The problem is that many of the online gambling and online poker operations are not based in the United States, as it is against the law. More often than not, then, the site operators establish their operations in small Caribbean islands and the Isle of Man. As a result, the small island governments are almost always incapable of handling a large-scale international investigation, but at the same time, the FBI cannot get involved because there was no crime committed on US soil. Now, the knee-jerk reaction is to say that the site operators are getting what they deserve for establishing off-shore operations and not paying taxes, but that wouldn't be the whole story either. The true fact is that while practically all of the gambling operators are owned and run by US citizens, almost all of those operations want to be regulated by the government and pay taxes as well. Why? Because of exact situations like these with the DDoSers. Between losing the shirt off your back and paying taxes, one of the options starts to look a lot more business smart. It's a weird world when one of the most profitable online industries that pays little to no tax is also the one that most wants to be regulated and taxed at the end of the day. Given the context of the industry, however, it can be easily summed up in one easy notion: protection fee. Having the protection of the laws of the US government far outweighs being knocked over, cheated or swindled by the legions of DDoSers, fraudsters and governments that the industry has to deal with. Ambiguities about the morals of gambling aside, if a $2 billion industry that most believe is here to stay wants to come ashore and be taxed and regulated, as a US citizen, I for one would welcome the tax benefits.
Makes you look less geeky.
I'm not tense. I'm just terribly, terribly, alert.
Is it just me, or is the author none-too-subtly suggesting at the end of what seems a pretty flattering article that the one who engineered the defence is in collusion with the extortionists, and that paying him for help is essentially paying a protection fee? The turnabout in tone is so abrupt it seems like the last few paragraphs were written by a different person.
The only thing I'm reminded of is the telling of a guy who sought palindrome ICQ account numbers with email addresses from XS4ALL assigned to them, of which the email accounts had expired. Apparently he found a few, and through XS4ALL, he would re-create these expired email accounts, then have the old password sent to him. A weird collectible, and probably not the story you were looking for. :-)
Take off every 'ZIG' !!
God knows your /. ID is low enough that it might be true.
Watch it with the age slurs there, sonny. That could get ... dangerous. :)
I especially liked the ending. Finally a legal criminal that really delivers :P
Thank you. The mirrors of the article have been really clogged.
Yeah, I'm as old as my UID would suggest.
Starting Feb 2004, my site was hit by a powerful DDoS attack. It knocked out my web server and it nearly took out my web host's switch in the data center. I never got any demands or letters or figured out who caused it.
Anonymizer.net tried to help me by putting my domain behind a series of rotating proxy servers. Their whole network crashed after 6 hours and they had to stop helping me.
Finally my web host hit on the right idea. I set up a half dozen virtual private servers (VPS) at Globalservers.com (same company that hosts about.com and freeservers) and my host installed a proxy server on each one called twhttpd and set them all to route traffic to and from my web server at his data center.
Then I set up an account at ZoneEdit and added all the IPs for the proxy servers with a failover system. Every time the bastards knocked out one of the proxy servers, ZoneEdit would detect that the server was borked and switch to another one. With the load reduced, the dead proxy came back on its own a few minutes later.
After about 6 months of this, they finally gave up and I won.
Only on
The lesson is also that if you pay, they'll know you'll pay more.
There's a point where they keep coming back with higher numbers. If you look, they only guaranteed the protection for a year.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
i can't read the story, but a lot of comments suggest contacting the FBI
stoopid question but:
what law did they break?
if they used their own bandwidth, then they just sent packets to your public website, right?
This is kind of like some spammer emailing me saying "i currently spam you lots and lots and lots, if you give me *money* i'll stop spamming". Ironically, this is just one more piece of spam in my inbox. Why would this spam be criminal, and the thousands of XXX VIAGRA CIALIS XXX be fine?
So,
I'm trying to read the article and that is giving me another "business idea".
"Give me $10 000 or I'll submit an article to Slashdot with a link to your web site".
Distributed Denial of Service!
The Internet is full. Go Away!!!
Everything that bastard submits gets accepted! You could submit "How scientists cracked the light speed barrier" and get rejected and then he comes along behind you with "Anatomy of a cheez doodle" and gets accepted! God I hate him! Hate hate hate! Yup...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
...is submitting a story to /. the last revenge of the DDOS extortioner?
All's true that is mistrusted
... or does this sound like an opening line for a soft-core porn flick?
"Lyon was 23 and looked at least that young. His blond hair offset a tan, handsome face. Allec says Lyon looked like he had given up a day of surfing to swing by and help out."
8==8 Bones 8==8
What would happen if he had changed the dns of his website, to, i dunno, say the ip address of fbi.gov? The criminals would then be dossing fbi.gov and the fbi would immediately notice. If it wasn't a dns-based attack, it should be relatively easy to route all incoming traffic to another ip address.
I wonder if the guy that was originally being dossed would get in trouble for it.
Why read the article when I can just make up a snap judgement?
I'm the head network engineer at an isp.
2 years ago one of our customers received a DDOS email and he called me and asked me what he should do.
I told him to ignore it and honestly I found it quite amusing, thinking it was script kiddies.
I wasn't laughing 24hrs later as they completely saturated our pipes and our border routers (7206 VXRs at the time) were locked at 100% cpu.
I've taken serious steps since then to be ready. It wasn't a pleasant experience though and happened right in the middle of a business day.
welcome to the internet! There are many new and exciting technologies which you should look in to now that you are here!
-- 'The' Lord and Master Bitman On High, Master Of All
From a purely economic standpoint, it makes me wonder who's the real "extortionist"...
Have fun: Join D.N.A. (National Dyslexics Association)
How ironic that a story about fighting DDoS attacks can't be read due to the Slashdot effect.
He just asked his network administrator, Glenn Lebumfacil, if they should be concerned. "I said--God, in hindsight, what an idiot--I said, 'We should be safe. I think our network is nice and tight,'" recalls Lebumfacil.
Is this guy's last name really 'The Easy Bum'? Wow, lol.
It's AMAZING, but you have to supply the electricity which will add up to a fair amount for a real pc vs. a little appliance thingy. Got a spare laptop with a borked screen or something? You could probably pick one up for a song at RePC or a similar outfit.
In the context of this article, the correct term is slashdos'ed
Thank you
No, I don't trust in god. He'll have to pay up front, like everybody else.
This is plain wrong. I lived in Texas and this is NOT legal. To have a justifiable shooting, the person must be in your house or attempting to break into your house while you are there. Just like other states, if you shoot someone in the back as they are trying to escape, you are breaking the law.
Texas Penal Code 9.42 B (when deadly force is allowed)
to prevent the other who is fleeing immediately after committing burglary, robbery, aggravated robbery, or theft during the nighttime from escaping with the property;
Try reading the law sometime. I won't quote the whole law, but it really means what it looks like. Shooting them in the back is ok based on the way the law is written.
Despite what the press would have you believe, most of us in TX are just like you and me.
I was born and raised in TX and lived 26 years there. What the people are like there is irrelevant to what the law says.
Learn to love Alaska
Aside from that, your philosophy leaves a huge gaping hole in the murder laws. Suppose you want someone dead. You give them a nice gift. As they are walking away, you shoot them in the back of the head and kill them. You are arrested and claim they were running away with your property.
That is why the law doesn't work the way you claim. When someone claims self-defense, they are generally prosecuted anyway. In most states, if you claim self-defense the burden of proof is on you to prove that your life was in immediate danger (the prosecution only has to prove that you killed the person, which you will confess to in order to claim self-defense). If you fail to prove that your life was in danger, you will be convicted of murder.