Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Taking on an Online Extortionist

timothy posted more than 9 years ago | from the and-shove-it dept.

Security 784

An anonymous reader writes "When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight? For many, paying may seem like a sensible option when compared to going out of buisness. CSO Magazine has a riveting article about how an online gambling site and a DDoS specialist teamed up to take on such an extortionist. When everybody else was rolling over and paying, this company risked its very existence to fight back. From the article: '"The attack went to 1.5Gb, with bursts up to 3Gb. It wasn't targeted at one thing. It was going to routers, DNS servers, mail servers, websites. It was like a battlefield, where there's an explosion over here, then over there, then it's quiet, then another explosion somewhere else," says Lyon. "They threw everything they had at us. I was just in shock."'"

cancel ×

784 comments

Sorry! There are no comments related to the filter you selected.

oblig Churchill (5, Funny)

isecore (132059) | more than 9 years ago | (#12432550)

"We will fight them in the CAT5, on the routers, in the packets. We will never surrender"

Or however he said it :)

Re:oblig Churchill (5, Informative)

sqlgeek (168433) | more than 9 years ago | (#12432713)

"We shall not flag nor fail. We shall go on to the end. We shall fight in France and on the seas and oceans; we shall fight with growing confidence and growing strength in the air. We shall defend our island whatever the cost may be; we shall fight on beaches, landing grounds, in fields, in streets and on the hills. We shall never surrender and even if, which I do not for the moment believe, this island or a large part of it were subjugated and starving, then our empire beyond the seas, armed and guarded by the British Fleet, will carry on the struggle until in God's good time the New World with all its power and might, sets forth to the liberation and rescue of the Old."

Re:oblig Churchill (3, Funny)

ShaniaTwain (197446) | more than 9 years ago | (#12432806)

"I may be drunk, Miss, but in the morning I will be sober and you will still be ugly."

Re:oblig Churchill (1)

Infinityis (807294) | more than 9 years ago | (#12432730)

And here I thought it was Sean Connery playing as King Arthur in the movie First Knight:

"I am your king...and I command you...TO FIGHT! Long live the internet! Never give up! Never giv-*thwack*

As he collapses under the weight of the DDoS attack.

Re:oblig Churchill (1)

Fishstick (150821) | more than 9 years ago | (#12432767)

I was thinking Galaxy Quest ;-)

Never give up, never surrender.

Re:oblig Churchill (1)

jasonbowen (683345) | more than 9 years ago | (#12432834)

with the first chords of Aces High playing in the background...

mirror here (0)

Anonymous Coward | more than 9 years ago | (#12432862)

Mirror [rb-hosting.de]

Question (0)

Anonymous Coward | more than 9 years ago | (#12432551)

Was his name Roland Piquepaille?

Re:Question (1, Insightful)

Council (514577) | more than 9 years ago | (#12432651)

What I don't understand about the Roland Piquepaille thing is why what anything he does is bad! He says "come look at my site!" instead of directing people elsewhere, even though his blog's content isn't all that spectacular.

How is that different from the entire rest of the internet? An awful lot of blogs link news stories with a bit of commentary and want people to read them. Slashdot submitters are free to submit their own sites. The problem is with slashdot editors accepting fairly dumb submissions. That seems to be the problem. Not that Roland Piquepaille is acting scandalously.

Roland was part of a scam (0)

Anonymous Coward | more than 9 years ago | (#12432790)

Remember the "tactile digital assitant" that was tied to a French company that wanted a rather large sum of money to send you one? Remember how Roland was all hip about the product and did everything to spam his blog on Slashdot to promote it?

Who got their TDA? No one.

Anyone who supports Roland is supporting a scam and possibly organized crime.

Re:Question (1, Insightful)

Anonymous Coward | more than 9 years ago | (#12432819)

I think the fuss was that he alledgedly pasted in 90% of an article on his site (but including a link to the original somewhere on his page), made one or two not-so-insightful comments and submitted his page to /. instead of the link he researched his story from.
When the slashdotting began, he made a lot off all the ads on his site.
People were cross that they were pointed to a 'version' of the story when they could have been pointed to the actual story itself, and that someone was profitting off that style of journalism (rightly or wrongly).

lol jews (0, Troll)

Opportunist Troll (873090) | more than 9 years ago | (#12432554)

BREAKING NEWS: The World Trade Center has been attacked by terrorists.

Here's a tip (3, Funny)

dtfinch (661405) | more than 9 years ago | (#12432556)

Don't respond. They'll think you didn't see their email.

Re:Here's a tip (4, Insightful)

frikazoyd (845667) | more than 9 years ago | (#12432653)

I would think in the situation that the e-mail was ignored, it would enrage the extortionist into firing a warning shot, one that would for SURE get the guy's attention. In fact, from the article, it looks like that is sort of what happened. He didn't respond, just first sought consultation and alerted his ISP. Then the extortionist sent a second threat, but not until he had crashed a few ISP servers to get some attention.

Re:Here's a tip (4, Interesting)

suso (153703) | more than 9 years ago | (#12432701)

Actually, in relation to that, what happens when your spamfilter marks such an email as spam. I guess you can say that's a major false positive.

Interesting article (3, Interesting)

Nova1313 (630547) | more than 9 years ago | (#12432557)

Very long but very interesting. Glad to see they caught some of them. They mentioned a hacked icq account.. That just seemed odd to me since ICQ accounts are free.. Anyone know what they were talking about?

Re:Interesting article (1)

everettpf3 (880595) | more than 9 years ago | (#12432625)

I'm more confused about why ICQ was chosen. Last time i dropped by ICQ it seemed like there were more bots than humans.

Re:Interesting article (4, Informative)

snorklewacker (836663) | more than 9 years ago | (#12432670)

They prefer to use cracked ICQ accounts because it adds some misdirection to point to an existing entity, an older account may be less likely to be instantly shut off by automatic processes, and well, they're L33T H4X0RZ and cracking is what they like to do (at least the kids working for the extortionists -- the folks running the show are probably pretty rational organized crime types).

Re:Interesting article (1)

masklinn (823351) | more than 9 years ago | (#12432694)

Someone sets up his ICQ account
Someone else manages to get/guess the password to the above set account
The second one (which would be branded as the "hacker") has just hacked in someone else's ICQ account and can now use it without getting any blame.

It's the same when you hear of MSN accounts hacking, basically IM accounts being stolen. Dummy accounts for someone else to take the blame for your actions may come in handy, i guess.

Pay the man! (0, Offtopic)

kpwoodr (306527) | more than 9 years ago | (#12432559)

And then get to see the out dated WSJ articles!

Post... (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12432560)

first?

Even Slashdot? (5, Funny)

troc (3606) | more than 9 years ago | (#12432561)

"They threw everything they had at us. I was just in shock."

I guess that includes getting a mention on Slashdot?

Troc

Re:Even Slashdot? (4, Informative)

kpwoodr (306527) | more than 9 years ago | (#12432631)

Very true, this post could have much worse consequences than they could ever throw at you.

I have determined that my personal website would stand for less than 4 seconds if it were to receive a propper slashdotting.

Needless to say I don't take threats like this very seriously. Here are the options I see:

1. Give in and pay up like a good pansy
2. Form a team of cyber attack monkeys to do your bidding
3. Launch a counter offensive with a team of script kiddies and their IRC Bots
4. Contact the authorities and report the threat, block the IPs delivering said packets, carefully monitor your servers like a good admin, and prevent the traffic that you deem as harmful.

If they really threw all that much at you, it would take a very sophisticated attack to not leave a large enough trail to figure out where it came from and actually do something about it.

Re:Even Slashdot? (1)

rainman_bc (735332) | more than 9 years ago | (#12432829)

block the IPs delivering said packets

Dunno if that'll do anything. There's so many pwned machines out there that you can find with just a scan with nmap that you can't just block an ipaddress really...

That's one of the attacks these guys have is to nail you from as many different directions possible... Bouncing packets off of unsuspecting pwned machines.

Re:Even Slashdot? (4, Informative)

alienw (585907) | more than 9 years ago | (#12432832)

Looks like you don't understand how DDOSs work. They get a whole lot of hijacked computers with DDOS trojans installed on them. MSIE makes this quite easy. Then they launch a DDOS at a website. You can't "block" the packets on the server because by the time your server gets them it's too late -- they have already clogged up your pipe. In fact, the traffic will probably overwhelm your ISP unless they are very large. The only place to block them would be on the ISPs main router, and that's pretty hard to do given that there could be thousands of different bots and they aren't that terribly different from ordinary users (other than the amount of traffic they generate).

Re:Even Slashdot? (1)

ceeam (39911) | more than 9 years ago | (#12432632)

Now someone a bit less lazy than me should post a clickable link to "the gambling site". :-)

Re:Even Slashdot? (1, Interesting)

MrAnnoyanceToYou (654053) | more than 9 years ago | (#12432762)

Speaking of mentions on Slashdot, has anyone else ever seen an article wherein someone was portrayed as such a complete shining genius? Anybody else find this even slightly suspicious?

So now we're gonna slashdot 'em? (5, Funny)

LordByronStyrofoam (587954) | more than 9 years ago | (#12432564)

Seems kinda brutal to hit them with another DDOS.

Re:So now we're gonna slashdot 'em? (1)

John Harrison (223649) | more than 9 years ago | (#12432612)

Mission accomplished sir! I am unable to read the article.

Re:So now we're gonna slashdot 'em? (0)

Anonymous Coward | more than 9 years ago | (#12432659)

Dipshit. It was the casino site allegedly under DDOS attack, not CSO magazine.

Re:So now we're gonna slashdot 'em? (2, Funny)

Manfre (631065) | more than 9 years ago | (#12432734)

The casino site was hit for money. CSO was throw in for free!

arg (-1, Troll)

Anonymous Coward | more than 9 years ago | (#12432566)

fp

Re:arg (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12432600)

There're plently of good comments to mod up... Why waste points modding down trolls? Not too many read at 0...

hmmm (0)

Anonymous Coward | more than 9 years ago | (#12432568)

gambling on ddos

Re:hmmm (1)

ackthpt (218170) | more than 9 years ago | (#12432775)

gambling on ddos

More like gambling on putting your PC on the internet. Will it become a zombie or not?

Just hazarding a guess, extortionists favor Windows over other leading brand operating systems. Some sales pitch...

And now a DDoS by Slashdot crowd... (-1, Redundant)

nasta (598787) | more than 9 years ago | (#12432575)

Film at 7.

Have a nice glass of (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12432576)

frosty pist?

The DDoS worked apparently. (3, Funny)

Anonymous Coward | more than 9 years ago | (#12432582)

Or maybe it was planned this way. Nothing says offline like a link from slashdot.

That's frightening (5, Interesting)

plover (150551) | more than 9 years ago | (#12432584)

It's a brilliant story, and you've got to applaud the guys at the victim site for sticking up for themselves.

It makes me wonder if this new anti-DDoS company can somehow establish relationships with ISPs to track back the zombies and get them shut down more quickly? Seems that would be the sanest and most effective tool -- take away the bots. No bots -- no botnet -- no attacks.

Re:That's frightening (3, Funny)

KiloByte (825081) | more than 9 years ago | (#12432606)

Uhm, to take away the bots, you would have to cut them at the root. And the root is a certain mega-corporation that's a bit difficult to be rooted out.

Re:That's frightening (1)

plover (150551) | more than 9 years ago | (#12432817)

No, I'm not suggesting they run around with an XP SP2 disc and update everyone.

I'm suggesting that if they discover a bot at address 1.2.3.4 that they notify that addresses ISP that there's a bot that needs to be taken care of. The ISP could turn them off instantly.

Re:That's frightening (4, Interesting)

Talking Goat (645295) | more than 9 years ago | (#12432867)

Or, the ISP's can do as the smart ones have done and deploy Tipping Point [tippingpoint.com] begin to mitigate these attacks the moment they are detetcted on the border routers. It's smart, fast, and really good at shutting down the traffic generated by these botnets by giving the admin the ability to apply vendor-supplied templates, or to create your own. However, you'd need additional deployments inside the network to avoid fratricide, but you can't beat the intelligence behind this aproach.

Sense (0)

Anonymous Coward | more than 9 years ago | (#12432602)

Why don't they just send them Russian mail-order brides?

Fight! (2, Insightful)

YrWrstNtmr (564987) | more than 9 years ago | (#12432611)

When an online exortionist comes a knocking, threatining a DDoS, do you pay or fight?

Presumably, they will give you some way to pay them (else what is the point?). Point the cops and or feds at that contact, and see what happens.

Extortion is extortion, be it physical or bandwidth.

If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.

Re:Fight! (2, Insightful)

telecsan (170227) | more than 9 years ago | (#12432679)

"Point the cops and or feds at that contact, and see what happens."

That of course, is predicated on your business being 100% legitimate. I'm not sure about this individual case, but I'm sure not all the online gambling sites are uh, trustworthy. That would be a major roadblock to involving the authorities.

Re:Fight! (5, Insightful)

Anonymous Coward | more than 9 years ago | (#12432683)

Presumably, they will give you some way to pay them (else what is the point?). Point the cops and or feds at that contact, and see what happens.

This is where R'ingTFA comes in...

If no joy from the authorities, I'm sure your local newsrag would be glad to shame the cops into doing something. Of course, if the extortionist is overseas, things might be a little difficult.

Again, this is where R'ingTFA comes in. I'd also add that one downside of moving your business to an unregulated third world country is that neither the local journalists nor the local cops are especially interested in your gringo problems. I don't understand why Scotland Yard bothered with him.

Re:Fight! (0)

Anonymous Coward | more than 9 years ago | (#12432776)

thats New Scotland Yard, to you sonny! :)

Re:Fight! (1)

krunchyfrog (786414) | more than 9 years ago | (#12432760)

Of course, if the extortionist is overseas, things might be a little difficult.

In fact, I sometimes report people to their abuse department even if they are overseas, and most of the time the abusing stops pretty effectively.

Mirror of article (4, Informative)

apparently (756613) | more than 9 years ago | (#12432619)

Mirror here. [mirrordot.org]

Re:Mirror of article (0)

Anonymous Coward | more than 9 years ago | (#12432703)

Seems like your mirror is slashdotted, also. Nice work that.

Re:Mirror of article (0)

Anonymous Coward | more than 9 years ago | (#12432725)

I think the mirror stalls because it tries to pull images from the original site

Re:Mirror of article (1)

sachmet (10423) | more than 9 years ago | (#12432779)

Also mirror here [nyud.net] .

PureGig (1)

Triumph The Insult C (586706) | more than 9 years ago | (#12432810)

mirrordot is hosted at puregig internet, the same puregig internet referenced in the article. pg is also home to easynews

pg is an awesome provider. super fat pipes, excellent uptime, and *very* smart people. they're my uplink for home. sure, they're not the cheapest hosting or service provider out there, but they are completely worth it

gambling and extortion? (3, Funny)

superwiz (655733) | more than 9 years ago | (#12432621)

First time those 2 go hand in hand....

Re:gambling and extortion? (2, Funny)

pdbogen (596723) | more than 9 years ago | (#12432663)

+5 ironic

DDoS? (1, Funny)

Tim5309 (880616) | more than 9 years ago | (#12432630)

Is anyone else revelling in the hilarious irony that the site about surviving a DDoS attack has been Slashdotted? Or is that just me?

Re:DDoS? (0)

Anonymous Coward | more than 9 years ago | (#12432741)

if they survived, then is was practice for us... or are we now 'testing' their setup?

Never pay (5, Insightful)

nuggz (69912) | more than 9 years ago | (#12432647)

If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.

Re:Never pay (1)

Council (514577) | more than 9 years ago | (#12432808)

Never pay
If they actually get money, they'll do it again and again.
Any measure of success will encourage more of the same behaviour.


Congratulations, you've just solved the problem of successfully responding to a threat [wikipedia.org] . Your solution will always lead to the best outcome and the only reason it's not the route taken by everyone in these situations is that no one has thought about that.

To be fair, you're more right than wrong as far as DoS attacks go. But sometimes websites are actually important; you can probably come up with an example placing financial ruin or even lives at stake.

Good, some balls. (5, Interesting)

vbrookslv (634009) | more than 9 years ago | (#12432649)

Glad to see someone standing up to these thugs. I remember a few years ago, the ISP that I admin'd hosted the connection for http://www.defcon.org/ [defcon.org] . We had someone start a Smurf attack from the Con, targetting our inbound T3's. We were able to track it down, and actually snatch him out of his seat right there at the con. He promptly apologized (I think, he only spoke german, IIRC). The look on his face was priceless. Oh, did I mentioned that me, and everyone else at the company carry Glock 19's? Yeah, we didn't have any more problems for the rest of the con. Everyone was on their best behaviour. A bunch of fine, upstanding individuals. :)

Re:Good, some balls. (3, Funny)

Anonymous Coward | more than 9 years ago | (#12432783)

Oh, did I mentioned that me, and everyone else at the company carry Glock 19's?


What about the interns?

Re:Good, some balls. (1)

lowrydr310 (830514) | more than 9 years ago | (#12432799)

Do you have a Nevada Concealed Carry permit?

Re:Good, some balls. (1, Funny)

Anonymous Coward | more than 9 years ago | (#12432804)

Wow, you all carry Glock 19's? Damn.. you are all badasses! ISP admins must be a tough crowd.

How many times have you pointed them at a human?

Re:Good, some balls. (1)

Half-Baked (771927) | more than 9 years ago | (#12432830)

So do you have any balls WITHOUT your gun?

Re:Good, some balls. (4, Insightful)

Anonymous Luddite (808273) | more than 9 years ago | (#12432846)

>> and everyone else at the company carry Glock 19's?

Please excuse my asking, oh well-armed-one, but WTF for?

The glock is a fine weapon, and being an admin for an ISP is a fine job, but I can't quite see the relationship between the two things...

I fell for one of these (2, Funny)

Anonymous Coward | more than 9 years ago | (#12432658)

An online wallet inspector demanded I send him my billfold posthaste. I never got it back. Be forewarned.

follow the money (0)

Anonymous Coward | more than 9 years ago | (#12432668)


its not that hard, if the banks obstruct then sue them as well

Taking on an Online Extortionist (1)

JamesP (688957) | more than 9 years ago | (#12432669)

Did anyone read this as Online Exorcist???

Or maybe 0wnline extortionist...

I did :-) (1)

gonzocanuck2 (470521) | more than 9 years ago | (#12432729)

I don't know why. I have been reading everything wrong lately.

Just do what we do on IRC (5, Funny)

Anonymous Coward | more than 9 years ago | (#12432674)

Find out where they live and call their mom.

Riveting? (1)

b3x (586838) | more than 9 years ago | (#12432675)

ya ... riveting ... uhuh

Another (mangled) Chuchill quote (1)

astebbin (836820) | more than 9 years ago | (#12432677)

"Never... have so few... been pinged so much, by so many, zombified by so few..."

Curious (3, Interesting)

Dante Shamest (813622) | more than 9 years ago | (#12432680)

I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally.

But how does slashdot itself cope with the high traffic?

Re:Curious (5, Funny)

Secrity (742221) | more than 9 years ago | (#12432757)

Wormholes.

Re:Curious (0)

Anonymous Coward | more than 9 years ago | (#12432758)

much bandwidth, multiple servers.

Re:Curious (5, Funny)

Gzip Christ (683175) | more than 9 years ago | (#12432801)

I've always wondered...when a site is slashdotted, it implies that the site has been hit by high referrals from slashdot, causing it to become slow or go down totally. But how does slashdot itself cope with the high traffic?
It's quite simple, really - Slashdot just doesn't link to itself.

Re:Curious (1, Funny)

Chmarr (18662) | more than 9 years ago | (#12432849)

Oh! That would explain all the dupe articles we see!

Re:Curious (1)

Misroi (834266) | more than 9 years ago | (#12432814)

Better servers, better connection? Better Caching? If you notice, when you post a reply it is updated a few minutes later, that's probably from the cache refresh time.

Re:Curious (5, Informative)

dougmc (70836) | more than 9 years ago | (#12432831)

But how does slashdot itself cope with the high traffic?
Lots of bandwidth, lots of hardware. Since it gets `slashdotted' every single day, it'll be pretty easy to predict how much traffic you'll get tomorrow -- approximately the same as you got yesterday, perhaps a bit more.

But when you're running your own server, and it normally gets 50 hits/day, and then suddenly a Slashdot listing hits it with millions of hits in one day, well, that's harder to prepare for, because 1) you often don't know you're going to be on /. until it's already happened, and 2) is it even worth preparing for? It's just one or two days, and then things will go back to normal. More hardware and bandwidth may cost lots of money, money that you're not going to spend just so people can see pictures of whatever neat thing you did.

Really, the only sites that get /.ed are the smaller ones. The larger ones already have the hardware and bandwidth needed to handle it. Sure, a /.ing probably shows up on their mrtg reports, but it's probably just a 20% or so increase in traffic, not a 1000x fold increase.

Re:Curious (0)

Anonymous Coward | more than 9 years ago | (#12432844)

it duplicates the storise to spread the load?

seriously, I've wondered the same thing as the parent...

Re:Curious (5, Funny)

MyLongNickName (822545) | more than 9 years ago | (#12432852)

That's the trick. Most people would say "bigger servers" and "bigger bandwidth". But I know the real reason. Notice how you get 'Service Unavailable'? Every so often? I found that if more than 50 people are accessing Slashdot at the same time, that their database cannot handle it. In reality, this site is hosted on an Amiga. Only 50 users you say? That can't be.... just look at my User ID!

All the 813,621 users before you don't really exist. These messages are randomly generated geek buzzwords. "Users" are given personalities, ranging from "Linux lover" to "Windows loser", from "I'm just a troll" to "IAARS", from "Funny" to "I take myself serious, but no one else does".

Those "personalities" alter the pre-populated phrase list according to topic (actually, I am not even sure the topic matters). Think of it as an advanced Turing simulation.

I was fooled for my first three months. Then, I saw the predictable responses, and realized that there was no actual intellegence here. Just the occassional real life person who wanders in and is fooled for a while. The auto-misspell feature was a nice addition, I have to admit.

Want proof? Pick a user id. Peruse messge list. Notice the lack of variety? Notice the lack of real meaning behind each message? And when there is real content, try browsing earlier messages. You will find phrases ripped verbatim from an earlier post.

Of course, you may also be a bot. CommanderTaco is always making tweaks to the message generation algorithm (though his posts, too, are mostly generated by code). I will have to peruse your message history when I am done posting here.

Speaking of Ddos... (1)

whitelabrat (469237) | more than 9 years ago | (#12432687)

So much for the article.

Extorting a gambling site? (5, Funny)

wowbagger (69688) | more than 9 years ago | (#12432699)

Extorting a gambling site? That strikes me as a LLM (life limiting move, c.f. career limiting move).

Many gambling sites still have connections to, shall we say, respectible businessmen of the Italian or Asian pursuasion, who are used to handling such matters extra-legally.

You might just wake up one day with your computer's monitor (cables severed with an ax) in bed with you.

Or Guido and Nunzio standing over you, giving you tips on the finer points of extortion while they wait for the concrete to set.

Re:Extorting a gambling site? (0)

Anonymous Coward | more than 9 years ago | (#12432744)

Many gambling sites still have connections to, shall we say, respectible businessmen of the Italian or Asian pursuasion, who are used to handling such matters extra-legally.

Raciast bigot.

Re:Extorting a gambling site? (1)

Viol8 (599362) | more than 9 years ago | (#12432748)

Theres a story that someone tried to extort or hack (not sure) a russian gambling website once.
Unfortunately it was run by the russian mafia and apparently the hacker was tracked down and executed. The story may be apocryphal but knowing what russia is like it could easily be true.

Re:Extorting a gambling site? (0)

Anonymous Coward | more than 9 years ago | (#12432828)

You watch too much TV, and so did the moron who moderated your post up.

Re:Extorting a gambling site? (1)

Council (514577) | more than 9 years ago | (#12432869)

Guido and Nuzio! Someone else who recognizes that! Yeah, you don't wanna cross those guys.

I love the world set up in those books.

In this case, I think name-dropping like that is a little less difficult. The internet is a big and easy-to-hide place, and I think the overwhelming majority of gambling sites are NOT involved with organized crime. Though if you can correct me on that, please do.

Slashdot does the same...! (0)

Anonymous Coward | more than 9 years ago | (#12432704)

I wonder who at CSO Magazine pissed off the Slashdot editors?

I for one... (2, Insightful)

Spy der Mann (805235) | more than 9 years ago | (#12432707)

welcome our Windows zombie machines overlords. (food for thought).

Hmm (0)

Anonymous Coward | more than 9 years ago | (#12432722)

Everybody else having problems getting to the site? Even the mirror doesn't work, this is annoying.

fighting back with infrastructure (4, Interesting)

Ankh (19084) | more than 9 years ago | (#12432727)

Some ISPs are doing customer-level ingres filtering -- e.g. if the "other end" of the cable modem gets a packet whose src address is not that of the cable modem, drop it on the floor, it's forged.

The ease of infecting home XP systems remotely means you sometimes find teenagers with tens of thousands of zombie computers at their control. They can sell them to spammers, too.

The ease of doing massive DDoS attacks is why I stopped running an IRC server, and also stopped a research project I was doing related to inter-protocol messaging. It wasn't worth the hassle.

Fighting back is hard if you don't know who to fight, but in the case of extortion, (1) document everything on paper, (2) keep timestamped printed IRC logs of all conversations, and full email printouts; (3) ask some other people to print copies of their IRC logs when appropriate. Then contact the RCMP (or if you are in the USA, the FBI, but in the USA you need to show financial damage of $5,000 or more). Don't wait until it's all over before contacting them.

Good luck!

Liam

Catching them (1)

ehiris (214677) | more than 9 years ago | (#12432737)

Here are the federal extortion laws [findlaw.com] . Wouldn't the FBI get involved if there is proof of extortion? Can't the attackers be caught easily when trying to cash in?

hold buggy software vendors responsible? (1)

capilot (809596) | more than 9 years ago | (#12432739)

I wonder if some sort of class-action suit wouldn't be appropriate against the vendors of software which allows computers to become zombies?

In the news... (1)

IEEEMonkey (669772) | more than 9 years ago | (#12432769)

...today the hosts of Slashdot.org, an everything geek website, was accused of causing a DDoS on an online magazine's website. It seems that for several hours the site was unavailable as a result. Site owners of Slashdot.org refused to comment as the zombies they were using had no choice but to hit the link to the downed web site time and again.

Next News Story... (3, Funny)

kniLnamiJ-neB (754894) | more than 9 years ago | (#12432784)

"How CSO Online took on Slashdot... and LOST."

I'm glad that somebody's standing up to the jerk though... people who do stuff like that are wasting perfectly good matter.

No protection (5, Interesting)

McGiraf (196030) | more than 9 years ago | (#12432794)

The thing with these DOS extortionist is that unlike the mafia or other groups they do not protect you from other extortinist. If you pay them thay can stop their attact, but if someone else try to attack you they cannot do anyting.

Blockbuster? (2, Funny)

pakog (796037) | more than 9 years ago | (#12432837)

Am i the only one who was sitting on the edge of my seat while reading the battlefield analogy? This is unexplored movie territory with some great potentiol. "Behind CAT5 Lines"

Network admins! Prevent this from happening (4, Informative)

bigberk (547360) | more than 9 years ago | (#12432843)

This is an appeal to network admins working at ISPs, whether large or small. You have a responsibility to make sure that spam/attack zombies don't exist on your networks. These days it's a trivial task to check to make sure you're not part of the problem. This can be scripted so that you receive periodic reports of problem hosts on your system, which you can then firewall, disconnect, or restrict access to.

There are so many blacklists these days, so just use rsync to grab fresh copies of AHBL, CBL, DSBL, SORBS, whatever. Then run through grepcidr [pc-tools.net] to see if any IPs from your network(s) are on the blacklists. So easy, and you'll be protecting both yourself and others from malicious zombies.

EVIL! (5, Funny)

jav1231 (539129) | more than 9 years ago | (#12432853)

Okay, I first read that as "Online Exorcist." I'm thinking, how does THAT work? TO: Satan@littlegirlshead.com
From: Father Mayai (Yes, you may!)
Subject: Notice of Eviction

The good thing (1)

dos_dude (521098) | more than 9 years ago | (#12432863)

As disgusting it is to hear about "online extortionists", I prefer them to the rl extortionists. The former might direct an army of zombies at your servers and ddos the hell out of them. But the latter direct a gang of hoodlums at you to make your knees deny their service.

Too bad that we now have both and that the online guys aren't replacing the rl ones.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>