Slashdot Mirror

← Back to Stories (view on slashdot.org)

Death Knell For DDoS Extortion?

Posted by kdawson on from the greener-pastures dept.

Ron writes "Symantec security researcher Yazan Gable has put forward an explanation as to why the number of denial of service attacks has been declining (coincident with the rise of spam). His theory is that DoS attacks are no longer profitable to attackers. While spam and phishing attacks directly generate profit, he argues that extortion techniques often used with DoS attacks are far more risky and often make an attacker no profit at all. Gable writes: 'So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.'"

9 of 101 comments (clear)

  1. Somebody please think of the Zombies! by HaeMaker · · Score: 2, Funny

    What will come of the 0x09F911029D74E35BD84156C5635688C0 zombie machines out there? Converted to spam remailers? /yea, I know, -1 redundant, but it is still funny.

  2. Bot network? by psaunders · · Score: 3, Funny

    For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all. You don't need a bot network to be a DoS extortionist. Unplugging your target's modem is just as effective, and has the virtue of simplicity.

    The extortion part is difficult though, since the target must decide whether to comply with your demands (i.e. payment) or else just give you a good thrashing.

    --
    Karma police, arrest this man. He talks in math. He buzzes like a fridge. He's like a detuned radio.
    1. Re:Bot network? by myowntrueself · · Score: 5, Funny

      You don't need a bot network to be a DoS extortionist. Unplugging your target's modem is just as effective, and has the virtue of simplicity.

      I think I see where you are coming from; my ISP is some kind of DoS extortionist... if I stop paying them they DoS me.

      Help, I am being exploited! :(

      --
      In the free world the media isn't government run; the government is media run.
  3. botnet for personal projects? by OrangeTide · · Score: 3, Funny

    Got some nuclear research you'd like to do but don't have the resources to create a super computer? rent a botnet!

    Perhaps we could make them into a self-aware AI one day, imagine that. an AI running on poorly secured Windows boxes

    --
    “Common sense is not so common.” — Voltaire
  4. Revenge by Hao+Wu · · Score: 2, Funny

    It isn't enough for DOS to stop. I want them to pay for what they have done to my beautiful internet. I want them to bleed and to suffer greatly for crime of extorting moneys from innocent web administrators.

    --
    I suggest you read Slashdot
  5. Re:No extortion ever, then! by Anonymous Coward · · Score: 2, Funny

    Actually, it sounds more like someone kidnapping someone's wife, only to have the ransom demands met with "keep her!"

  6. Posible DDoS'r Conversation by Electr!c_B4rd_Qu!nn · · Score: 1, Funny

    "Pay me money or I'll.....post a link on Slashdot!"
    "Oh God...anything but that! I'll Pay!"

    --
    " i r 1337. j00 a l0z3r "
    That talk kinda makes you cry, doesn't it?
    That's right..cry those nerdly tears
  7. Re:No extortion ever, then! by Reaperducer · · Score: 2, Funny

    the US solution would work fine.
    Never thought I'd see that phrase on Slashdot.
    --
    -- I'm old enough to have lived through six different meanings of the word "hacker."
  8. Virus? by sonictheboom · · Score: 2, Funny

    What happens when it gets a virus? AI goes crazy? What happens when it becomes self aware and finds out that it is made out of Windows? Self loathing and madness. Scary thoughts.