Slashdot Mirror

← Back to Stories (view on slashdot.org)

Death Knell For DDoS Extortion?

Posted by kdawson on from the greener-pastures dept.

Ron writes "Symantec security researcher Yazan Gable has put forward an explanation as to why the number of denial of service attacks has been declining (coincident with the rise of spam). His theory is that DoS attacks are no longer profitable to attackers. While spam and phishing attacks directly generate profit, he argues that extortion techniques often used with DoS attacks are far more risky and often make an attacker no profit at all. Gable writes: 'So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.'"

10 of 101 comments (clear)

  1. The payment risk has also prolly risen as well. by Penguinisto · · Score: 4, Interesting
    The author, if I read this correctly, assumes that the risk is constant... but compare the profit from spammers (who can make payments more directly, as noted), and extortionists (who stand a good --not perfect, but good-- chance of having that payment traced/tracked. Sure, it'll go to some money-handling service in Russia or whatnot, but that wouldn't put it completely out of the realm of trackability.

    They still want the money somehow, and getting it bears higher risk with extortion than by simply grabbing dough under-the-table from spammers.

    I suspect (okay, hope?) that spamming will begin to lose its profit motive as well, as users become computer-literate enough en masse to ignore emailed pitches... making the reward not really worth the effort. Even the dumbest user can get ripped off only so many times before they either a) go broke, or b) figure out that maybe they should stop buying stuff from spammers.

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
    1. Re:The payment risk has also prolly risen as well. by tmarthal · · Score: 5, Insightful

      He also doesn't seem to get that sometimes people DoS sites out of spite or out of malice.

      You can't put a pricetag on being an asshole to the internet community.

  2. Re:No extortion ever, then! by idesofmarch · · Score: 4, Informative

    That is not entirely true. In the present scenario the potential extortionist has a choice - spam or extort. Spamming is currently more profitable, or so the argument goes, and therefore, there are fewer extortions. In the world outside of botnets, extortionists may not have such easily available alternatives, so they stick to extortion.

  3. Maybe not even spam so much... there is worse: by Penguinisto · · Score: 5, Interesting
    Could be that someday, somebody is going to cobble together a P2P-style redundant agent that coulod convert a botnet into a big-assed torrent server.

    I mean, what better place (from an objective POV) to park warez and illicit data (e.g. certain types of illegal pr0n), than on some unsuspecting schlep's machinery?

    The mobsters then charge admittance by way of proxies (conceptual term, not 'w.x.y.z:8080') and advertise by way of spam?

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  4. One assumption though... by Chabil+Ha' · · Score: 4, Insightful

    That all DDoS attacks are for the purpose of extortion. Does nobody do these things simply because they just want to blackball someone anymore? No, this isn't the death of the DDoS.

    --
    We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
  5. Re:No extortion ever, then! by R3d+M3rcury · · Score: 4, Insightful

    It's sort of like kidnapping.

    Way back when, kidnapping was a pretty good way to make some quick cash. Grab somebody's significant other and tell them to deliver money to see them again. The automobile was pretty new and you could grab somebody and get them far enough away in a short amount of time that local law enforcement couldn't deal with it.

    Thus, the feds were immediately brought in to any kidnapping case. Because the FBI had kidnapping specialists who knew all the angles, kidnapping for ransom became very unsuccessful. Nowadays, you rarely hear of a kidnapping case with a ransom demand here in the United States. It's just not worh it.

  6. Re:Bot network? by myowntrueself · · Score: 5, Funny

    You don't need a bot network to be a DoS extortionist. Unplugging your target's modem is just as effective, and has the virtue of simplicity.

    I think I see where you are coming from; my ISP is some kind of DoS extortionist... if I stop paying them they DoS me.

    Help, I am being exploited! :(

    --
    In the free world the media isn't government run; the government is media run.
  7. From my experience by jbossvi · · Score: 5, Informative

    These guys have hit us up before. From what I have seen it is a
    -give us $ or we shut you down.
          -a small quick ddos to show you they can.
    -you say "no thanks", so now they ask for $$$.
          -a little bit longer ddos because you pissed them off.
    -now they ask for $$$$$. which you certainly are not going to pay.
          -another little ddos, more email threats of looming death and destruction, they are "leet" after all.

    at this point you begin to factor outages and lost revenues into the business plan, you call ISP's, you consider calling the FBI.

    they eventually go away. The best advice we got was from someone who has a "relationship" (pronounced cashcow) with a ddos'r. The scam is that they are looking for regular clients that they know can/will pay, and that they can hit up when they need cash. The word has gotten around that if you pay once, you'll pay twice. At least in the business of online casino's everyone has begun to understand that you just dont pay, ever.

  8. Re:Why even bother to make good on your threat? by MoxFulder · · Score: 5, Informative

    This is sort of a game theory problem.

    No individual extortionist wants to actually expend the resources to make good on his threat... but all extortionists recognize that if NO ONE carries out their threats, they will have no power over the victims.

    --
    My bicyles
  9. more DDoS prevention today as well by linenoise · · Score: 4, Interesting

    Another factor why the DDoS extortion of today is less profitable than a few years back is the existence of mechanisms to mitigate attacks more effectively. Companies like Arbor Networks and Cisco make products that let enterprises and Service Providers quickly flip a switch to redirect and protect legitimate customer traffic. I helped design the Sprint IP Defender solution, providing Sprint customers both quick notification of a security event AND the option to circumvent the issue. This takes all the control away from the extortionists.

    Naturally, being employed in the managed security space, I have a dichotomy of interests that should not be forgotten - yes I want to see DDoS incidents being eliminated BUT yes I work for a company where fear of an incident leads companies to buy services from us which in turn drives up my 401k. There is big business in fear, but hey, if you lose $100k in revenue every 10 minutes your network is down, it only makes sense that you protect that income stream. Anyways, for every one extortionist, there are three script-kiddies hanging out in #l33tddos on EFnet wanting to see the level of damage he/she can impose.......

    G'night all.