
Online BlackMailers - Sites Under Ransom


MarkPearson
18th January 2006, 10:09
Online BlackMailers

It is a frightening thought for most of us here who run online businesses and I am sure it will become more of a problem in the future.

Sites Under Ransom

http://news.bbc.co.uk/2/hi/technology/4621158.stm

Top Hat
18th January 2006, 10:32
Just more PR for Alex :)

Worldpay have been attacked a few times, eventually the attackers run out of bots.

seabro
18th January 2006, 18:38
Ooooh imagine that. Front page news on the local rag because someone threatened to cripple my website that has about 5 hits a day.

that would be lovely

TheFreePlayBayinc.
18th January 2006, 18:55
That's quite interesting. People do anything for a buck or two.

DuaneJackson
18th January 2006, 19:26
There's always been a lot of that.

It's been speculated that some of the online betting sites have paid up when threatened near to big events.

TheFreePlayBayinc.
18th January 2006, 19:29
I suppose they'd rather lose a few bucks than what they'd make if the event went on. But seriously, who thinks of these things? People have too much spare time on their hands. And these are probably people who are really quite intelligent but can't get jobs or something so they muster up something like that. Money makes the world go round.

DuaneJackson
18th January 2006, 19:53
It's quite often people in the ex-Soviet states and other economically poor areas.

WelshPixels
18th January 2006, 20:26
The larger companies are already set up to combat this. A denial of service attack normally takes a lot of time to organise because you need to coordinate a load of zombie PCs to attack a certain address at a set time.

I believe the likes of William Hill and Coral use a system of constantly changing IP numbers when they expect an attack. MS developed this when they found out a virus was programmed to ping their site constantly at a set time and date.

All the bookies know to expect an attack whenever there is a large sports event like the National or the World Cup so this is when they switch on their protection.

This sort of protection does cost a lot of money though.

TWD-Tony
18th January 2006, 21:30
I believe the likes of William Hill and Coral use a system of constantly changing IP numbers when they expect an attack.

How does that work then? Surely the fact that DNS needs to point to the relevant IP address at any given moment means that a DDoS attack on the domain would render any IP change useless?????

The only way that I know of to combat a massive DDoS attack is to have a network big enough to absorb the attack - and this kind of bandwidth costs SERIOUS money.... thousands a week in fact!

I'm not saying the IP change solution is wrong... I'm just curious as to how it works :wink:

DuaneJackson
18th January 2006, 21:38
I've not heard of that solution before.

If you are changing IP then as Tony says DNS needs to be updated (or use a round robin system) - either way the hostname still has to resolve to the IP. So the attackers target the hostname instead of the IP.

Again, as Tony says the only way to combat DDoS is to have a huge pipe. You can't block the traffic because it's from a huge range of IPs and they are indistinguishable from legit requests.

Cornish Steve
18th January 2006, 23:12
It's quite often people in the ex-Soviet states and other economically poor areas.
Why?

TWD-Tony
19th January 2006, 04:12
That's simply not true, the majority of machines that take part in these attacks are zombies and are geographically everywhere - you might even be sitting at one now :wink: IS YOUR ANTI-VIRUS UP TO DATE!

ink4-u
19th January 2006, 09:27
Yes, it goes on all the time, I remember being told when NOCHEX had this happen to them. And I know two of the people that worked to undo all the hijackers' work. There is always someone out there that can undo all the destruction. It's just the price they cost! :-)

Coding Monkey
19th January 2006, 09:39
That's simply not true, the majority of machines that take part in these attacks are zombies

Better than owning a physical store and being attacked by real zombies :shock:

dagr
19th January 2006, 10:22
Seems like the Zombies play a big role in the problem.

Do you think we'll arrive at some sort of Internet "MOT" test for computers where users will be barred from "driving" on the Internet if they don't have a minimum level of security?

hairsoup
20th January 2006, 15:03
It's mostly large companies that get this sort of attack, although larger companies are better equipped to detect an attack.

Doesn't really make much sense holding Million Dollar Homepage to ransom, he's already got his money why would he care if his site goes down for a few days??!?!

Any people here had a DDoS attack?

Coding Monkey
20th January 2006, 18:32
Oh deary me (http://news.com.com/2061-10789_3-6029020.html?part=rss&tag=6029020&subj=news)

hairsoup
20th January 2006, 19:00
I spoke too soon!

DuaneJackson
20th January 2006, 20:08
That's simply not true, the majority of machines that take part in these attacks are zombies and are geographically everywhere

Yes, geographically the attacks come from all over the place, but there still needs to be a person or persons that manage the zombienet (usually via IRC - the zombies all log on and await instructions). It's these people that are often from the ex-Soviet states.

I'm not sure why. There is a huge amount of IT talent there, especially in the security sector. I was very much involved in the whole 'hacker' scene until a few years ago.