MeetUp.com Rebuffs Extortion by Amateur DDoS Attacker

Share

criminal-213740_640

Bitly wasn’t the only service hit with a DDoS attack recently. Meetup.com, the social network geared toward creating local clubs, had its service knocked out for the better part of four days. Meetup Co founder and CEO Scott Heiferman released a blog post about the attack, and he included some interesting details.

According to Heiferman’s account, he received an email on from a supposed DDoS attacker, claiming that a Meetup competitor had requested the attack. “I can stop the attack for $ 300 USD. Let me know if you are interested in my offer,” the email said. Then, the Meetup servers became overwhelmed and services went down.

As Meetup staff worked to shut out the attack and restore service, their fixes were battered with fresh attacks. Three major waves of changes were made and now the site seems stable, but Heiferman is cautious. “While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead,” he wrote in his post.

Even if the amount was small, Heiferman says he didn’t pay because Meetup won’t negotiate with criminals. Furthermore, the amount of money the attacker requested was so small, it seemed like an amateur attack, which ultimately opens the door to further extortion attempts. As DDoS attacks increase in scale as well as frequency it’s getting more important for companies to provide a united front and stronger defenses.

In the light of these recent DDoS attacks, Lamar Bailey, director of security R&D for Tripwire, may have been proven right. “A successful attack on Bitly is more than likely a practice run for a larger scale attack planned in the future,” he told SCMagazineUK.

DDoS attacks are no longer just the domain of trolls and hacktivists. They’re becoming a significant online extortion and blackmail tool. Between these kinds of attacks and social engineering hacks, online services need to start reinforcing their security protocols — not just to protect user data, but to protect themselves.

New Career Opportunities Daily: The best jobs in media.

SocialTimes

Share

Bitly Responds Quickly to DDoS Attack

Share

server_error

Distributed Denial of Service — also known as DDoS attacks — are a fairly common way to block access to a site. A multitude of requests for a web page, usually generated by scripts or bots, overloads the servers and access is knocked out. Sometimes, a DDoS is used to make a political point or for trolling. In Bitly’s case, it may have been a trial run for something bigger.

 


 
Bitly is a URL shortening service that has been creating custom services for SMBs and larger corporations like Pepsi, The New York Times and Symantec for years. According to findings from Symantec security response manager Satnam Harang, spammers had somehow gotten their hands on Bitly’s corporate API keys.

SC Magazine quotes Harang saying, “spammers have found a way to create their own links using branded short domains in order to entice users into a false sense of security.”

Armed with this knowledge, it’s possible that Bitly decided to take proactive measures to protect its services. And according to Cesar Cerrudo, CTO of IOActive Labs, such action could have led spammers to seek revenge. “DDoS is the weapon of choice for cyber crime and criminals to attack sites that could or have interfered with their ‘business,’” Cerrudo told SCMagazine.

Lamar Bailey, director of security R&D at Tripwire, thinks the DDoS may be more worrying than simple revenge.

A successful attack on Bitly is more than likely a practice run for a larger scale attack planed in the future. A DDoS of Bitly shows that the attack will work on pretty sophisticated sites without tipping off the intended target. Reports have been circulating from ARN and Prolexic about DDoS potential attacks on the financial sector so this could be a dry run.”

The good news is that Bitly had planned for this very contingency and was able to respond to the attack quickly. The outage lasted less than an hour and no data was compromised. Bitly, or any other online service, might not be so lucky next time.

Image credit:  GirlieMac

New Career Opportunities Daily: The best jobs in media.

SocialTimes

Share