Death Knell For DDoS Extortion?

kdawson posted more than 7 years ago | from the greener-pastures dept.

Security 101

Ron writes "Symantec security researcher Yazan Gable has put forward an explanation as to why the number of denial of service attacks has been declining (coincident with the rise of spam). His theory is that DoS attacks are no longer profitable to attackers. While spam and phishing attacks directly generate profit, he argues that extortion techniques often used with DoS attacks are far more risky and often make an attacker no profit at all. Gable writes: 'So what happens if the target of the attack refuses to pay? The DoS extortionist is obligated to carry out a prolonged DoS attack against them to follow through on their threats. For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all. Since the target has refused to pay, it is likely that they will never pay. As a consequence, the attacker has to spend time and resources on a lost cause.'"


101 comments


d-d-d-d-d-death knell? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18949025)

For d-d-d-d-d-dos

Re:d-d-d-d-d-death knell? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18949105)

I hear a certain number will stop the DOS attacks.

Re:d-d-d-d-d-death knell? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18949225)

Fuck Symantec.

Re:d-d-d-d-d-death knell? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18949815)

I lick clit and like it.

I'll show you how official midgets jack me off.

Still potent (2, Insightful)

the code is 09 F9 11 (1095929) | more than 7 years ago | (#18949087)

this just relegates the Spammer to having to attack smaller sites, who cannot afford to bear the brunt of the assault as long as a large site can

DDoS will be around for a while still

Re:Still potent (1)

ichigo 2.0 (900288) | more than 7 years ago | (#18949343)

I think you are confusing spam and DoS.

Not the point (3, Insightful)

tygerstripes (832644) | more than 7 years ago | (#18954777)

While that's certainly true, I think you're missing the point of the article - that DDoS attacks simply aren't worth the effort and risk when compared to the perfectly viable alternative of spamming.

If you can choose two ventures, one of which will almost certainly generate revenue with very little risk to you, and the other of which often generates no revenue at all but poses a high risk to your liberty and your resources, which do you choose?

Re:Not the point (1)

Zeinfeld (263942) | more than 7 years ago | (#18955955)

It is too soon to say whether this is going to be a sustained trend. If it is, economics is certainly the reason.

I would state the reason somewhat differently though. A traditional extortion racket is called protection for a reason - to get paid the extortionist has to provide a guarantee of safety from attack against other gangs, not just his own.

The DDoS extortion rings can't stop any attacks other than their own. So they cannot provide a guarantee of service. Paying up does not guarantee service.

Another difference is that the attacker cannot make a credible threat that discourages going to the police.

Yet another difference is that there are services that do provide for adequate DDoS protection.

All things considered the logical response to targeting by a DDoS attack is to call the police first, then call a DDoS protection specialist. The only time it makes sense to pay up is if you can do a sting and get the perps arrested.

That said there is another aspect, the bots used for DDoS are the ones that can't be used for anything else. They are blacklisted by the spam filtering companies. DDoS might well resurge as other net crimes stop being economic and the perps look for new scams.

Re:Not the point (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#18956357)

All things considered the logical response to targeting by a DDoS attack is to call the police first, then call a DDoS protection specialist. The only time it makes sense to pay up is if you can do a sting and get the perps arrested.

Hmm, I'd go for a slightly more proactive approach. Just get your pipes from an ISP that provides DoS protection. That way when they send the DDoS attack your ISP will call and say, "hey we're rate limiting some really suspicious traffic. Do you want to log on and take a look and decide what should be dropped?" Then you can call the police.

Somebody please think of the Zombies! (2, Funny)

HaeMaker (221642) | more than 7 years ago | (#18949089)

What will come of the 0x09F911029D74E35BD84156C5635688C0 zombie machines out there? Converted to spam remailers? /yea, I know, -1 redundant, but it is still funny.

Maybe not even spam so much... there is worse: (5, Interesting)

Penguinisto (415985) | more than 7 years ago | (#18949269)

Could be that someday, somebody is going to cobble together a P2P-style redundant agent that could convert a botnet into a big-assed torrent server.

I mean, what better place (from an objective POV) to park warez and illicit data (e.g. certain types of illegal pr0n), than on some unsuspecting schlep's machinery?

The mobsters then charge admittance by way of proxies (conceptual term, not 'w.x.y.z:8080') and advertise by way of spam?

/P

Re:Maybe not even spam so much... there is worse: (2, Insightful)

blhack (921171) | more than 7 years ago | (#18949491)

They already do that. See: the entire movie bootlegging scene.

Re:Maybe not even spam so much... there is worse: (0)

Anonymous Coward | more than 7 years ago | (#18949495)

It's already been done and happening.

Re:Maybe not even spam so much... there is worse: (2, Informative)

HeroreV (869368) | more than 7 years ago | (#18949629)

To learn more, see XDCC at Wikipedia [wikipedia.org].

Re:Maybe not even spam so much... there is worse: (1)

tinkertim (918832) | more than 7 years ago | (#18950997)

Could be that someday, somebody is going to cobble together a P2P-style redundant agent that could convert a botnet into a big-assed torrent server.

Only if egress filtering were outlawed by congress, or a serious serious hole was found in the 2.6 Linux kernel. One of the other things that makes botnets yummy for spam is the fact that port 25 is often NOT filtered on egress, so if you're able to escape / inject and get a shell, you're home free.

Bots aren't so hot at accepting incoming connections because they need root privileges to circumvent such firewalls. Servers behind anything serious do this at the switch/router level, so even a fully compromised server is only useful for so much.

Bots that can be controlled centrally are usually controlled via the same route that they came in. The hacker will just save the link to the weak forum script and use it to inject more code that forks their bot.

The really yummy servers to infest are the ones with 100+ meg connections, typically web hosting servers. It's usually desktops with significantly less bandwidth (and use) that don't filter egress. Once again, the most efficient and profitable way to use those is, well, sending spam.

Any way you look at it, spam is the best option for them in most cases.
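Added example, not part of any comment in this thread: a defender-side check for the gap the comment above describes, unfiltered port 25 egress from machines that are not mail servers. The flow-record format, the internal range, the approved relay list and the thresholds are all assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not real traffic): "epoch src dst dport proto"
SAMPLE_FLOWS = """\
1178000000 10.0.5.10 198.51.100.7 25 tcp
1178000002 10.0.5.10 203.0.113.20 25 tcp
1178000003 10.0.5.10 192.0.2.44 25 tcp
1178000005 10.0.7.23 198.51.100.7 25 tcp
1178000009 10.0.7.23 203.0.113.20 25 tcp
1178000014 10.0.7.23 192.0.2.44 25 tcp
1178000020 10.0.7.23 192.0.2.45 25 tcp
1178000021 10.0.7.23 198.51.100.80 443 tcp
1178000030 10.0.8.2 10.0.5.10 25 tcp
1178000400 10.0.7.40 203.0.113.9 25 tcp
garbage line here
"""

# Assumed site policy: only these hosts may speak SMTP to the outside.
INTERNAL = ip_network("10.0.0.0/8")
APPROVED_RELAYS = {ip_address("10.0.5.10")}
SMTP_PORT = 25


def parse_flows(text):
    """Yield (ts, src, dst, dport, proto); silently skip malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        try:
            yield int(ts), ip_address(src), ip_address(dst), int(dport), proto.lower()
        except ValueError:
            continue


def peak_distinct(events, window):
    """Largest number of distinct destinations seen in any `window` seconds."""
    recent, counts, peak = deque(), Counter(), 0
    for ts, dst in sorted(events):
        recent.append((ts, dst))
        counts[dst] += 1
        # Drop events that have aged out of the sliding window.
        while recent[0][0] <= ts - window:
            _, old = recent.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        peak = max(peak, len(counts))
    return peak


def smtp_egress_report(text, min_destinations=3, window=60):
    """Report internal non-relay hosts that connect to external TCP/25.

    verdict "direct-smtp": the host bypassed the relay at least once, which
    a port 25 egress filter would have blocked.
    verdict "fan-out": it also reached `min_destinations` or more distinct
    mail servers within `window` seconds, the pattern of a spam-sending bot.
    """
    per_host = defaultdict(list)
    for ts, src, dst, dport, proto in parse_flows(text):
        if proto != "tcp" or dport != SMTP_PORT:
            continue
        if src not in INTERNAL or dst in INTERNAL:
            continue  # only internal -> external traffic is egress
        if src in APPROVED_RELAYS:
            continue
        per_host[str(src)].append((ts, str(dst)))

    report = {}
    for host, events in per_host.items():
        peak = peak_distinct(events, window)
        report[host] = {
            "flows": len(events),
            "peak_distinct": peak,
            "verdict": "fan-out" if peak >= min_destinations else "direct-smtp",
        }
    return report


if __name__ == "__main__":
    for host, info in sorted(smtp_egress_report(SAMPLE_FLOWS).items()):
        print(host, info)
```

Every host in the report is one that a default-deny rule for outbound TCP/25 (with the relays excepted) would have stopped at the border.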

Re:Somebody please think of the Zombies! (1)

dexomn (147950) | more than 7 years ago | (#18950047)

Fuck man, and I thought the SPAM was the DDoS... dur

No extortion ever, then! (2, Insightful)

The_Wilschon (782534) | more than 7 years ago | (#18949103)

By this logic, nobody would ever engage in any kind of extortion. Clearly, people do, so either people are just acting illogically, or there is some flaw. I'm guessing some of both.

Re:No extortion ever, then! (0)

Anonymous Coward | more than 7 years ago | (#18949179)

declining, they haven't disappeared.

Re:No extortion ever, then! (4, Informative)

idesofmarch (730937) | more than 7 years ago | (#18949187)

That is not entirely true. In the present scenario the potential extortionist has a choice - spam or extort. Spamming is currently more profitable, or so the argument goes, and therefore, there are fewer extortions. In the world outside of botnets, extortionists may not have such easily available alternatives, so they stick to extortion.

Re:No extortion ever, then! (1)

ceoyoyo (59147) | more than 7 years ago | (#18950037)

Why don't the online extortionists DDOS the non-payers with spam? ;)

Re:No extortion ever, then! (2, Interesting)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#18955979)

In the present scenario the potential extortionist has a choice - spam or extort. Spamming is currently more profitable, or so the argument goes, and therefore, there are fewer extortions.

That's a nice theory, but I don't think that is what happens in practice. From what I've seen no one runs a botnet that is constantly sending spam or performing attacks. They spend most of their time idle. If you know the right places to look there are some nice Web interfaces where you can transfer money from paypal to rent out control of a botnet for a set amount of time. The operator doesn't care if you're spamming or DDoSing people, only that he got paid. Thus, while people may find spamming more profitable, others will see a good extortion opportunity and take that as well, and still others will DDoS their competitors, or former employer, or government they dislike, or anyone else they are mad at.

Re:No extortion ever, then! (4, Insightful)

R3d M3rcury (871886) | more than 7 years ago | (#18949477)

It's sort of like kidnapping.

Way back when, kidnapping was a pretty good way to make some quick cash. Grab somebody's significant other and tell them to deliver money to see them again. The automobile was pretty new and you could grab somebody and get them far enough away in a short amount of time that local law enforcement couldn't deal with it.

Thus, the feds were immediately brought in to any kidnapping case. Because the FBI had kidnapping specialists who knew all the angles, kidnapping for ransom became very unsuccessful. Nowadays, you rarely hear of a kidnapping case with a ransom demand here in the United States. It's just not worth it.

Re:No extortion ever, then! (1)

f1055man (951955) | more than 7 years ago | (#18949761)

"Nowadays, you rarely hear of a kidnapping case with a ransom demand here in the United States. It's just not worth it."

This guy threw in a new wrinkle: http://www.firstcoastnews.com/news/florida/news-article.aspx?storyid=81035 [firstcoastnews.com]

He obviously has some self-esteem issues.

Re:No extortion ever, then! (1)

techno-vampire (666512) | more than 7 years ago | (#18950133)

I doubt this is the first time that's happened, and if so, it's just life imitating art. I've seen that type of thing done on TV several times in the last few years.

Re:No extortion ever, then! (2, Funny)

Anonymous Coward | more than 7 years ago | (#18949933)

Actually, it sounds more like someone kidnapping someone's wife, only to have the ransom demands met with "keep her!"

Re:No extortion ever, then! (1)

soft_guy (534437) | more than 7 years ago | (#18950069)

But apparently they can't solve the problem of kidnapping for ransom in South America because it is still a major problem there.

Re:No extortion ever, then! (3, Informative)

joe_kull (238178) | more than 7 years ago | (#18950095)

South America, the Philippines (well, less Luzon than the other islands), southern Asia... lots of places. Probably because a lot of those places have weak central governments so "The Feds" aren't around to bring massive resources to bear on every single kidnap case. If they were, I'm sure the US solution would work fine.

If.

Re:No extortion ever, then! (2, Funny)

Reaperducer (871695) | more than 7 years ago | (#18950409)

the US solution would work fine.
Never thought I'd see that phrase on Slashdot.

Re:No extortion ever, then! (0)

Anonymous Coward | more than 7 years ago | (#18950865)

Never thought I'd see that phrase on Slashdot.

"the Microsoft solution would work fine"

There, made it even more unlikely for ya.

Re:No extortion ever, then! (1)

hkmarks (1080097) | more than 7 years ago | (#18951169)

Microsoft would buy the kidnappers' business out from under them, patent their methods, and within 10 years have a monopoly.

Re:No extortion ever, then! (1)

westyx (95706) | more than 7 years ago | (#18951365)

It's not so much "The Feds" as strong and uncorrupted law and order structures.

Revenge (2, Funny)

Hao Wu (652581) | more than 7 years ago | (#18949805)

It isn't enough for DOS to stop. I want them to pay for what they have done to my beautiful internet. I want them to bleed and to suffer greatly for crime of extorting moneys from innocent web administrators.

Money isn't everything (1)

mrbluze (1034940) | more than 7 years ago | (#18949883)

..at least not directly. A DoS attack, whilst it may not win money, is a very useful thing indeed if you are taking down competition, or trying to affect the share price of a company, or taking on a political enemy.

We may be seeing the fall of random attacks, but attackers will still be busy doing jobs for money.

Re:No extortion ever, then! (2, Interesting)

fermion (181285) | more than 7 years ago | (#18950685)

No, by this logic it means that few would conduct such attacks for money. However we know that people conduct attacks for many other reasons. The assumption that attacks occur only for direct cash rewards results in miscalculations that cause significant holes in security systems and can even start wars.

On the relatively benign side we know that people crack security just to see if it can be done, to test their wits against a verified expert. On the less benign side, fanatics might attack because they think the act will give them some other reward. For instance, if we take a purely hypothetical example, religious fanatics might be told by their Pastor to attack the web site of some godless politician so the preferred candidate might have a better chance of winning and installing other fanatics in traditionally secular positions. Such attacks would have a defined timeframe, and therefore predictable costs and risk, and win or lose, would at least have a terroristic effect. Such an attack would be clearly logical, profitable, and effective.

Re:No extortion ever, then! (1)

EsbenMoseHansen (731150) | more than 7 years ago | (#18955395)

fanatics might attack because they think the act will give them some other reward. For instance, if we take a purely hypothetical example, religious fanatics might be told by their Pastor to attack the web site of some godless politician

Right on. Richard Dawkins (noted Atheist) has a forum which was DoS not long ago (the DoS'er bragged about it too, on their own forum). Sad, really. The forum stayed up, but was slow, so it wasn't that bad. T

Re:No extortion ever, then! (0)

Anonymous Coward | more than 7 years ago | (#18958273)

By this logic, nobody would ever engage in any kind of extortion.

No, the costs differ by type. Consider this classic case: "I have pictures of you having an affair, and I will send them to the tabloids if you don't pay me $BIGNUM." If they refuse to send you $BIGNUM, carrying through on your threat is a no-brainer - little additional chance of detection, the tabloids might pay you money, no additional laws broken, and presumably it encourages future victims to pay.

R3d M3rcury pointed out that DDoS extortion is more like kidnapping for ransom: "I will kill him unless you pay me $BIGNUM." Carrying through on the threat has a definite cost - raising the charge if caught from kidnapping to first-degree murder and ensuring police involvement. There are at least seven outcomes: (1) you get caught with the threat outstanding (2) you get caught after killing the guy (3) you get caught after letting him go anyway (4) the cops shoot and kill you (5) you get caught after getting paid (6) you get paid and go free (7) you let him go anyway and go free. They have very different consequences, and few potential ransomers in the US find the odds and payouts encouraging.

The payment risk has also prolly risen as well. (4, Interesting)

Penguinisto (415985) | more than 7 years ago | (#18949183)

The author, if I read this correctly, assumes that the risk is constant... but compare the profit from spammers (who can make payments more directly, as noted), and extortionists (who stand a good --not perfect, but good-- chance of having that payment traced/tracked). Sure, it'll go to some money-handling service in Russia or whatnot, but that wouldn't put it completely out of the realm of trackability.

They still want the money somehow, and getting it bears higher risk with extortion than by simply grabbing dough under-the-table from spammers.

I suspect (okay, hope?) that spamming will begin to lose its profit motive as well, as users become computer-literate enough en masse to ignore emailed pitches... making the reward not really worth the effort. Even the dumbest user can get ripped off only so many times before they either a) go broke, or b) figure out that maybe they should stop buying stuff from spammers.

/P

Re:The payment risk has also prolly risen as well. (5, Insightful)

tmarthal (998456) | more than 7 years ago | (#18949301)

He also doesn't seem to get that sometimes people DoS sites out of spite [slashdot.org] or out of malice [vitalsecurity.org].

You can't put a pricetag on being an asshole to the internet community.

Re:The payment risk has also prolly risen as well. (1)

Chmcginn (201645) | more than 7 years ago | (#18949633)

Well, to be fair, he does mention "extortion" enough times that one would not be too far off assuming that he's talking about crime for monetary gain, as opposed to a crime of passion... umm... well, I suppose DDOSing a blogger that made fun of you could be considered passion.

Really lame passion, but so it goes.

I don't think that's his concern.. (2, Insightful)

msimm (580077) | more than 7 years ago | (#18950367)

There will always be kiddies. But Symantec should be focused on the CTO and the SMB/Enterprise customer. The kinds of places they've targeted these [symantec.com] kinds of products at.

Suggesting that DDOS attacks will go away would be silly, but as a business concern which security companies have whipped up to a somewhat feverish pitch this is a sign that these concerns are changing. Anyway, DDOS solutions were probably nowhere near as lucrative as other more trendy areas of network protection (spam/worms/malicious web-content filtering/ids/data retention etc).

Re:The payment risk has also prolly risen as well. (1)

k12linux (627320) | more than 7 years ago | (#18949685)

Unfortunately there is no shortage of people who will do dumb things which are not in their best interest.

It's a numbers game. If you are getting millions of spams into inboxes worldwide daily you don't need that many people to buy your product/service to make significant profits. 1% of 1 million is still 10,000. (And in the US, 1.5% of us have an IQ BELOW 60.)

Re:The payment risk has also prolly risen as well. (0)

Anonymous Coward | more than 7 years ago | (#18949699)

Even the dumbest user can get ripped off only so many times before they either a) go broke, or b) figure out that maybe they should stop buying stuff from spammers.

Users who buy stuff from spammers do not necessarily get ripped off or figure out they shouldn't buy stuff from spammers. As long as the internet contains even just a few people with email addresses who want to buy penis enlargement pills, etc... and the cost of email remains negligible, the spammers have a working business model, despite how much it annoys the hell out of everyone else. The cold hard fact of the matter is spammers will never go away until there is a major overhaul of the email system.

I'M GONNA VIOLATE YOU (-1, Troll)

TripcodeMel (1074294) | more than 7 years ago | (#18949207)

I think I'm going to cream myself, if someone actually named their child after Titans ace Yazan Gable.

Don't worry guys (1)

Richard McBeef (1092673) | more than 7 years ago | (#18949209)

These people will surely find some other way to fill their day.

Twofo GNAA (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#18949215)

Faggots. [twofo.co.uk]

                        GNU GENERAL PUBLIC LICENSE
                              Version 2, June 1991

  Copyright (C) 1989, 1991 Free Software Foundation, Inc.
          59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.

                                Preamble

    The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.

    When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

    To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

    For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.

    We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

    Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

    Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

    The precise terms and conditions for copying, distribution and
modification follow.

                        GNU GENERAL PUBLIC LICENSE
      TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

    0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

    1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

    2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

        a) You must cause the modified files to carry prominent notices
        stating that you changed the files and the date of any change.

        b) You must cause any work that you distribute or publish, that in
        whole or in part contains or is derived from the Program or any
        part thereof, to be licensed as a whole at no charge to all third
        parties under the terms of this License.

        c) If the modified program normally reads commands interactively
        when run, you must cause it, when started running for such
        interactive use in the most ordinary way, to print or display an
        announcement including an appropriate copyright notice and a
        notice that there is no warranty (or else, saying that you provide
        a warranty) and that users may redistribute the program under
        these conditions, and telling the user how to view a copy of this
        License. (Exception: if the Program itself is interactive but
        does not normally print such an announcement, your work based on
        the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

    3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

        a) Accompany it with the complete corresponding machine-readable
        source code, which must be distributed under the terms of Sections
        1 and 2 above on a medium customarily used for software interchange; or,

        b) Accompany it with a written offer, valid for at least three
        years, to give any third party, for a charge no more than your
        cost of physically performing source distribution, a complete
        machine-readable copy of the corresponding source code, to be
        distributed under the terms of Sections 1 and 2 above on a medium
        customarily used for software interchange; or,

        c) Accompany it with the information you received as to the offer
        to distribute corresponding source code. (This alternative is
        allowed only for noncommercial distribution and only if you
        received the program in object code or executable form with such
        an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

    4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

    5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

    6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

    7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

    8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.

    9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

    10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

                                NO WARRANTY

    11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

    12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

                          END OF TERMS AND CONDITIONS

                How to Apply These Terms to Your New Programs

    If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

    To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

        Copyright (C)

        This program is free software; you can redistribute it and/or modify
        it under the terms of the GNU General Public License as published by
        the Free Software Foundation; either version 2 of the License, or
        (at your option) any later version.

        This program is distributed in the hope that it will be useful,
        but WITHOUT ANY WARRANTY; without even the implied warranty of
        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
        GNU General Public License for more details.

        You should have received a copy of the GNU General Public License
        along with this program; if not, write to the Free Software
        Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:

        Gnomovision version 69, Copyright (C) year name of author
        Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
        This is free software, and you are welcome to redistribute it
        under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:

    Yoyodyne, Inc., hereby disclaims all copyright interest in the program
    `Gnomovision' (which makes passes at compilers) written by James Hacker.

    , 1 April 1989
    Ty Coon, President of Vice

This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

it is likely that they will never pay (1)

Threni (635302) | more than 7 years ago | (#18949239)

It's just calling their bluff. Can they handle a DOS? If so, bring it on. Otherwise, they may end up financially better off to just pay them. Assuming you can trust that they'll not do it anyway.

Re:it is likely that they will never pay (1)

Dan Ost (415913) | more than 7 years ago | (#18956331)

Would you trust a criminal to keep his word?

Even if you do, would you trust other criminals not to extort you once it's known that you have a history of caving to such threats?

Bot network? (3, Funny)

psaunders (1069392) | more than 7 years ago | (#18949257)

> For a DoS extortionist, this is the worst scenario because they have to risk their bot network for nothing at all.

You don't need a bot network to be a DoS extortionist. Unplugging your target's modem is just as effective, and has the virtue of simplicity.

The extortion part is difficult though, since the target must decide whether to comply with your demands (i.e. payment) or else just give you a good thrashing.

Re:Bot network? (5, Funny)

myowntrueself (607117) | more than 7 years ago | (#18949735)

You don't need a bot network to be a DoS extortionist. Unplugging your target's modem is just as effective, and has the virtue of simplicity.

I think I see where you are coming from; my ISP is some kind of DoS extortionist... if I stop paying them they DoS me.

Help, I am being exploited! :(

Re:Bot network? (1)

tygerstripes (832644) | more than 7 years ago | (#18954823)

"All established utility provision is legalised blackmail" - Marx.


(Groucho or Harpo, I forget which).

botnet for personal projects? (3, Funny)

OrangeTide (124937) | more than 7 years ago | (#18949299)

Got some nuclear research you'd like to do but don't have the resources to create a super computer? rent a botnet!

Perhaps we could make them into a self-aware AI one day, imagine that. an AI running on poorly secured Windows boxes

Re:botnet for personal projects? (2, Insightful)

element-o.p. (939033) | more than 7 years ago | (#18949583)

...and Skynet was born <shudder>

Re:botnet for personal projects? (1)

myowntrueself (607117) | more than 7 years ago | (#18949745)

Perhaps we could make them into a self-aware AI one day, imagine that. an AI running on poorly secured Windows boxes

Especially if those poorly secured Windows boxes were running Windows for Warheads/Warships...

Re:botnet for personal projects? (2, Interesting)

MoxFulder (159829) | more than 7 years ago | (#18949983)

Got some nuclear research you'd like to do but don't have the resources to create a super computer? rent a botnet!

Funny, but unlikely I think.

Botnets wouldn't be all that good for supercomputing, except maybe of highly parallelizable problems (voluntary networks like SETI@home already work on those). Botnets don't have the fast communication links between nodes which are vital to the performance of most supercomputers... which often incorporate fancy network technologies like Infiniband or Fiber Channel or even just good ol' 100/1000-MBit ethernet.

As I see it, the main advantage of botnets is their massive outgoing network bandwidth: ten thousand desktops with broadband, averaging conservatively 5 kB/s outbound, gives a whopping 50 MB/s. A commodity computer can EASILY spit out 50 MB of email per second with some intelligent software... but *paying for* the bandwidth to actually send it that fast would be absolutely prohibitive. That's the real reason spammers use botnets.

(Of course, there's also the fact that botnets are a lot harder to isolate and blacklist than a single server.)

Re:botnet for personal projects? (1)

mosch (204) | more than 7 years ago | (#18950179)

A commodity computer can EASILY spit out 50 MB of email per second with some intelligent software... but *paying for* the bandwidth to actually send it that fast would be absolutely prohibitive. That's the real reason spammers use botnets.

Prices from my inbox:
50Mbps sustained, burstable to 100mbit, $2,000/month.
100Mbps sustained, $3,700/month.
300Mbps sustained, $10,800/month.

(Of course, there's also the fact that botnets are a lot harder to isolate and blacklist than a single server.)

Bingo.

Re:botnet for personal projects? (1)

adona1 (1078711) | more than 7 years ago | (#18950483)

Well, there's an idea....I wonder how long it will be before some enterprising young hacker worms their way into controlling Sony's Folding@Home [slashdot.org] network? 250,000 PS3s could create more than a few DDoS attacks...

Virus? (2, Funny)

sonictheboom (546359) | more than 7 years ago | (#18955311)

What happens when it gets a virus? AI goes crazy? What happens when it becomes self aware and finds out that it is made out of Windows? Self loathing and madness. Scary thoughts.

Re:botnet for personal projects? (1)

garwain (688087) | more than 7 years ago | (#18955605)

> Perhaps we could make them into a self-aware AI one day,
> imagine that. an AI running on poorly secured Windows boxes

Why bother? As soon as it becomes self-aware enough to realize it's running on windows, it will commit suicide...

We Don't Know (1)

4e617474 (945414) | more than 7 years ago | (#18949313)

DDoS attacks were profitable for years. The author is citing challenges that have always been a part of the practice as the reason they turned to an older technique - as if the idea hadn't panned out. As far as the risk involved, everything I've heard about people responding to botnets was pretty much about people watching to see how big a problem it was. The only thing I've ever heard about someone fighting back was this guy [slashdot.org], and unless there were a lot more like him over the following year than I heard, the only explanation that makes sense to me is that spam just got that much easier and more lucrative. Not that I expect Symantec to talk about how anti-virus and anti-spam software like the products they sell fails to stop millions of people from getting infected with malware that makes their computer send spam that isn't filtered out.

One assumption though... (4, Insightful)

Chabil Ha' (875116) | more than 7 years ago | (#18949325)

That all DDoS attacks are for the purpose of extortion. Does nobody do these things simply because they just want to blackball someone [wikipedia.org] anymore? No, this isn't the death of the DDoS.

Re:One assumption though... (1)

gbjbaanb (229885) | more than 7 years ago | (#18953985)

After reading this, the best thing the BlueFrog people could have done was to taunt the attackers and refuse to stop. Nothing would be different from today's state (where BlueFrog effectively closed down), but the botnet used to DDoS them would still be used in the attack, and not used to send out millions of spams. And the spammer would be poorer and more pissed off.

So the moral of this story, kids, is never give in to the blackmailers.

Re:One assumption though... (1)

Chabil Ha' (875116) | more than 7 years ago | (#18956123)

Unfortunately, the wikipedia article doesn't explain that Blue Frog decided against any sort of retaliation because 'they didn't feel that they had the right to bring their users into an all-out war with spammers'. Too bad. I think that they had positioned themselves to put a serious dent in the spam wars, and they ran off with their tail between their legs. Too bad, indeed.

The victim still pays indirectly (3, Insightful)

southpolesammy (150094) | more than 7 years ago | (#18949385)

Even if the victim doesn't pony up to stop the DoS, they still pay in lost service and opportunity. In this regard, a DoS against a big moneymaking site means a huge loss of revenue. How long until an ethically-challenged company DoS's their competition?

Re:The victim still pays indirectly (1)

zappepcs (820751) | more than 7 years ago | (#18949659)

Well, there are worse things that can be done with a bot net. Having the botnet as receptor nodes, it would be possible to commit anonymous industrial espionage with a combo of botnet and virii/worms as information collectors. If you get hired to spy, and are paid regularly, you can come and go as you please through the victim's network once you have infiltrated it.

Things that might be transported via botnet: pr0n, spying, video downloads, terrorist messaging, and apparently none of the RNC messages. Anything that you want to be hidden can be hidden even further if it is such a small blip on the radar as to not even register above the noise level that is message traffic on the Internet, or even just some company's email traffic.

Re:The victim still pays indirectly (1)

halcyon1234 (834388) | more than 7 years ago | (#18950809)

How long until an ethically-challenged company DoS's their competition?

If it hasn't happened already, all someone needs to do is get their competitor onto the front page during a critical service.

Re:The victim still pays indirectly (1)

Jeff DeMaagd (2015) | more than 7 years ago | (#18955505)

How long until an ethically-challenged company DoS's their competition?

I think it has been done or attempted. The name escapes me right now. The few details I remember were that the owner or a manager asked an employee to do it, the employee did it and then the management denied ever asking.

Re:The victim still pays indirectly (0)

Anonymous Coward | more than 7 years ago | (#18956053)

I have seen it first hand and been one of the poor saps who management asks to undertake the task. Of course it's done under the threat of losing your job and one damn well knows that management will deny it if there are ever any repercussions.

Thank god my management were idiots and I was able to cleverly craft my actions where the traffic would never leave the border routers; as a fringe benefit, it actually managed to hard lock a MSFC.

mod dOw(n (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#18949537)

Interesting Idea but (1)

KKlaus (1012919) | more than 7 years ago | (#18949549)

At the least the idea that an extortionist has to carry out the DoS after being denied payment doesn't make much sense. Since I assume they (the extortionist) are essentially remaining anonymous, there really isn't any need to prove anything, particularly after you know you aren't getting any money from the person you're attacking. As long as there are others still carrying out the attacks, so that they remain a believable threat, there's no reason for you personally to get involved.

So while I think that part is specious, the author is probably right about it coming down to simple terms of risk and profitability. Even if the extortion was marginally more profitable, committing crime completely anonymously, a la pump and dump spam, I suspect is very very appealing and now that the concept has worked its way through the black hat community, many are changing their game. Whether that's ultimately a good thing, in the sense of whether it's better to have many people bled than a few people shot, I don't know.

Re:Interesting Idea but (1)

westyx (95706) | more than 7 years ago | (#18951281)

There is a need to prove something - if you target an online casino, they don't pay and you ddos them, their competitors will notice and realise it could happen to them. Whereas, if you don't follow through on your threat to ddos them, word will still get around, but it will be "the threats are empty".

Someone from Symantec Said That? Ha, ha, ha! (0, Flamebait)

twitter (104583) | more than 7 years ago | (#18949597)

Symantec security researcher Yazan Gable has put forward an explanation as to why the number of denial of service attacks has been declining (coincident with the rise of spam). His theory is that DoS attacks are no longer profitable to attackers.

Surely he meant it was because their super efficient Windoze clients had secured the world and saved us all from this and other dastardly threats! No? Oh well.

Re:Someone from Symantec Said That? Ha, ha, ha! (1)

iago-vL (760581) | more than 7 years ago | (#18949635)

Believe me when I say, Yazan doesn't care whether or not people are running Norton's products.

Re:Someone from Symantec Said That? Ha, ha, ha! (1)

twitter (104583) | more than 7 years ago | (#18951035)

Believe me when I say, Yazan doesn't care whether or not people are running Norton's products.

Oh, I can believe that and I'm sure Yazan is good at what he does. That's not what amused me.

Why even bother to make good on your threat? (3, Insightful)

seaturnip (1068078) | more than 7 years ago | (#18949677)

If someone refuses to pay, just don't DDoS them and move on. It's not like your reputation for following through on threats is on the line, you're a secretive criminal.

Re:Why even bother to make good on your threat? (5, Informative)

MoxFulder (159829) | more than 7 years ago | (#18950057)

This is sort of a game theory problem.

No individual extortionist wants to actually expend the resources to make good on his threat... but all extortionists recognize that if NO ONE carries out their threats, they will have no power over the victims.

Re:Why even bother to make good on your threat? (1)

seaturnip (1068078) | more than 7 years ago | (#18950383)

Sure, but extortionists are selfish bastards, right? Since they are willing to screw over society to make a buck, why wouldn't they screw over the rest of the extortionists to avoid losing their botnet?

Re:Why even bother to make good on your threat? (1)

karmatic (776420) | more than 7 years ago | (#18953099)

If they aren't going to use it anyway, why not just skip the whole botnet thing in the first place? Tell people you will DOS them, then don't do it regardless of if they pay.

You can't lose what you don't have, and the victim has little way of knowing if you are serious anyway.

Re:Why even bother to make good on your threat? (1)

seaturnip (1068078) | more than 7 years ago | (#18953165)

Nobody will pay you if you do that. Any wanker can send an email threatening to DoS you with no proof. You DoS them once, then threaten to DoS them again. RTFA.

From my experience (5, Informative)

jbossvi (946552) | more than 7 years ago | (#18949885)

These guys have hit us up before. From what I have seen it is a
-give us $ or we shut you down.
      -a small quick ddos to show you they can.
-you say "no thanks", so now they ask for $$$.
      -a little bit longer ddos because you pissed them off.
-now they ask for $$$$$. which you certainly are not going to pay.
      -another little ddos, more email threats of looming death and destruction, they are "leet" after all.

At this point you begin to factor outages and lost revenues into the business plan, you call ISPs, you consider calling the FBI.

They eventually go away. The best advice we got was from someone who has a "relationship" (pronounced cashcow) with a ddos'r. The scam is that they are looking for regular clients that they know can/will pay, and that they can hit up when they need cash. The word has gotten around that if you pay once, you'll pay twice. At least in the business of online casinos everyone has begun to understand that you just don't pay, ever.

Possible DDoS'r Conversation (1, Funny)

Electr!c_B4rd_Qu!nn (933533) | more than 7 years ago | (#18950307)

"Pay me money or I'll.....post a link on Slashdot!"
"Oh God...anything but that! I'll Pay!"

Assumptions (2, Interesting)

sortius_nod (1080919) | more than 7 years ago | (#18950371)

I think it's a bit stupid to assume that the attacks having gone down is a result of not paying up. IMO it would be more of an indication of companies paying up.

Think about it. If you run a large corporation where downtime means losses that can run into the millions of dollars even for a short duration, add to this the cost of untangling any sort of mess associated with this downtime and that's a hefty bill. It would be stupid to risk the possibility of losing money (and possibly clients) due to downtime when it can be easily avoided by paying a fraction of the cost to some monkey with a botnet.

The last thing any corporation is going to do is admit to this. On top of that, any extortionist knows that you don't over-extort organisations.

Seriously, saying that DoS attacks are down due to people not paying up is just stupid.

Do we expect anything less from Symantec though?

Re:Assumptions (1)

gbjbaanb (229885) | more than 7 years ago | (#18954009)

except that if you pay once, you'll very likely pay again.. and again... and again...

in the case of online extortion, so what if you bankrupt them - you don't care, there are thousands upon thousands more marks out there.

Yazan Gable? (0)

Anonymous Coward | more than 7 years ago | (#18950403)

What, we now have Gundam characters working for Symantec?

Hmm...it makes sense that Symantec is now a front for the Titans.

spammers use DOS too... (1)

A3gis (708791) | more than 7 years ago | (#18950527)

Didn't see in the article any mention of the fact that spammers are using Denial of Service attacks on anti-spam related infrastructure too - can't see those falling by the wayside any time soon. re: Blue Security - http://it.slashdot.org/article.pl?sid=06/05/08/142229 [slashdot.org]

DDoS irrelevant? Tell that to my syslogs! (0)

Anonymous Coward | more than 7 years ago | (#18951063)

We got DDoS'ed by some script kiddie who apparently didn't like the grade that his teacher gave him (the kid had a botnet). He DDoS'ed us, but we put a stop to it and did (thank goodness!) track him down. Thankfully, our WAN link is big enough that it didn't cripple us; his botnet apparently isn't one of the mondo-huge ones. The kid got expelled.

Call me biased, but... (0)

Anonymous Coward | more than 7 years ago | (#18951721)

It's really difficult to take anything someone says when they go by a pseudonym taken from a Gundam character. No, I haven't RTFA.

That's like... (0)

Anonymous Coward | more than 7 years ago | (#18951765)

"As a consequence, the attacker has to spend time and resources on a lost cause." Kinda like in Iraq?

People are better at security (2, Interesting)

eraser.cpp (711313) | more than 7 years ago | (#18952051)

I'm of the opinion that the software industry has just wised up a bit to security threats. IT too has become better at reducing their surface area of attack and patching products; Windows automatic updates probably did a world of good. Many ISPs filter the majority (all?) ports open by default on Windows as well. I help run a fairly large IRC network and we have seen the frequency of botnet activity and DDoS attacks drop dramatically over the last couple years. It's good and bad, I personally found things a little more exciting when a major hole would come out and chaos would ensue for the next week. Remember when blaster came out and the Internet ground to a halt?

more DDoS prevention today as well (4, Interesting)

linenoise (34380) | more than 7 years ago | (#18952095)

Another factor why the DDoS extortion of today is less profitable than a few years back is the existence of mechanisms to mitigate attacks more effectively. Companies like Arbor Networks and Cisco make products that let enterprises and Service Providers quickly flip a switch to redirect and protect legitimate customer traffic. I helped design the Sprint IP Defender [sprint.com] solution, providing Sprint customers both quick notification of a security event AND the option to circumvent the issue. This takes all the control away from the extortionists.

Naturally, being employed in the managed security space, I have a dichotomy of interests that should not be forgotten - yes I want to see DDoS incidents being eliminated BUT yes I work for a company where fear of an incident leads companies to buy services from us which in turn drives up my 401k. There is big business in fear, but hey, if you lose $100k in revenue every 10 minutes your network is down, it only makes sense that you protect that income stream. Anyways, for every one extortionist, there are three script-kiddies hanging out in #l33tddos on EFnet wanting to see the level of damage he/she can impose.......

G'night all.

Re:more DDoS prevention today as well (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#18955837)

Anyways, for every one extortionist, there are three script-kiddies hanging out in #l33tddos on EFnet wanting to see the level of damage he/she can impose......

Yeah, I've seen a number of session captures from botnet control networks. A lot of botnet operators are simply renting out time on their botnet and they don't care if you're sending spam for profit or trying to DDoS the Americans. One session in particular was controlled by a guy attacking Denmark IP blocks during the whole Mohammed cartoon debacle. It took the guy multiple tries to figure out the simple commands to launch an attack, he targeted a block of cable modems with no real value and he attacked on a port that was mostly unused anyway resulting in easy filtering and less damage. Even if no one ever pays extortion fees, there is still a lot of profit for botnet operators to rent them out to disgruntled people around the world.

It depends on the hosting provider too (1)

Megane (129182) | more than 7 years ago | (#18956451)

I've heard that there are some hosting providers out there that are so well connected that any attempt to DDoS them just shuts down one of their upstream links, without any significant effect on global availability of the web sites they host.

Re:It depends on the hosting provider too (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#18957329)

I've heard that there are some hosting providers out there that are so well connected that any attempt to DDoS them just shuts down one of their upstream links, without any significant effect on global availability of the web sites they host.

I can understand how such a thing might happen in the short term for a regular DoS attack, but why would a DDoS attack not be incoming on all their upstream links more or less equally? Obviously if you have enough bandwidth it will only clog your smaller pipes, but that is a lot more expensive of a proposition in several ways than mitigating the DDoS using standard routing techniques.

Teach the end lusers a lesson (0)

Anonymous Coward | more than 7 years ago | (#18953091)

I'd like to see someone build up a large botnet and then do as much hardware damage (turn on disk encryption, write over the bios flash memory, etc.) as they can to all of the machines in the botnet.
Then end lusers will actually start caring about security and maybe their machines won't be used to send me spam in the future.

I think the real reason is: (1, Interesting)

Anonymous Coward | more than 7 years ago | (#18954305)

I think the real reason is that extortions do not make real sense in an online environment. Why:

There is no real threat. You will never get killed/injured, it is just about numbers. And since "if you pay once you will pay twice (and thrice...)" is so true, it is better/cheaper to never ever pay and just take the pain once. You will just lose cash, no fingers!

There is no way to protect a turf. If I pay a) then b) could extort me also or even worse a) could pretend to be b) or c) now to extort even more money. In real life I only pay the guys who own (and protect) the turf. And nobody else. Extortion in real life is either about protection also, or it is life/health threatening.

No different from other threats (1)

PhotoGuy (189467) | more than 7 years ago | (#18954583)

When you don't pay your drug dealer, him coming and killing you doesn't increase the odds of *you* paying (at all); but it reinforces his reputation, so others will be sure not to fail in their payments. I don't see how this is any different. Yes, if you make a threat, and have to follow through, there is no direct benefit from the effort required in following through; however, there is "P.R." value for your next threat.

Doesn't work? (2, Insightful)

tygerstripes (832644) | more than 7 years ago | (#18954873)

I don't think this would hold true in the corporate world.

Most businesses who refuse to pay up get someone in quickly to prevent their internet tubes getting clogged. Either that or (if it's cheaper) just let it happen, and find a way around it or ride it out. Either way, they won't actually publicise the proposed extortion as it's bad PR for them. Similarly, if they do pay up, nobody ever finds out about it - so there's no PR again. (Obviously there are exceptions in both cases, but for every exception you can guarantee there will be a few that meet this pattern).

To piggy-back the analogy; if nobody ever found out about the murders or the threats thereof, it would be all effort and no PR return for the dealer.
