Meetup.com Rebuffs Extortion by Amateur DDoS Attacker

DDoS attacks are no longer just the domain of trolls and hacktivists. They’re becoming a significant online extortion and blackmail tool.

Bitly wasn’t the only service hit with a DDoS attack recently. Meetup.com, the social network geared toward creating local clubs, had its service knocked out for the better part of four days. Meetup co-founder and CEO Scott Heiferman released a blog post about the attack, and he included some interesting details.

According to Heiferman’s account, he received an email from a supposed DDoS attacker, claiming that a Meetup competitor had requested the attack. “I can stop the attack for $300 USD. Let me know if you are interested in my offer,” the email said. Then, the Meetup servers became overwhelmed and services went down.

As Meetup staff worked to shut out the attack and restore service, their fixes were battered with fresh attacks. Three major waves of changes were made and now the site seems stable, but Heiferman is cautious. “While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead,” he wrote in his post.

Even if the amount was small, Heiferman says he didn’t pay because Meetup won’t negotiate with criminals. Furthermore, the amount of money the attacker requested was so small, it seemed like an amateur attack, which ultimately opens the door to further extortion attempts. As DDoS attacks increase in scale as well as frequency, it’s getting more important for companies to provide a united front and stronger defenses.

In the light of these recent DDoS attacks, Lamar Bailey, director of security R&D for Tripwire, may have been proven right. “A successful attack on Bitly is more than likely a practice run for a larger scale attack planned in the future,” he told SCMagazineUK.

DDoS attacks are no longer just the domain of trolls and hacktivists. They’re becoming a significant online extortion and blackmail tool. Between these kinds of attacks and social engineering hacks, online services need to start reinforcing their security protocols — not just to protect user data, but to protect themselves.