Language Selection

English French German Italian Portuguese Spanish

Denial of service attack victim speaks out

Filed under
Security

he founder of an online payment system has spoken to silicon.com about his experience of being targeted by Russian gangsters who threatened to destroy his website and his business if he didn't pay them $10,000 to leave him alone.

To this day his website is under continual attack.

Asif Malik, founder of NoChex, said his first contact with these hackmailers was in August 2004 when he received an email saying his website would be taken down by a denial of service attack if the money wasn't paid into an account based in Latvia.

"We'd received loads of emails like this before and my initial reaction was just ignore it," Malik told silicon.com. "But an hour later the site went down. They'd attacked us with 155Mb of data."

Malik was in no doubt what this would mean for his business.

"If they did what they said they'd do, which was attack the site for 30 days continuously, then we would have been unable to process transactions and we would have lost all our merchants.

"We'd not be in business today," he added.

Such an attack, often generated by a network of compromised machines all directing traffic at a particular server or website, will overload and bring down a website.

Malik then contacted the Russian gangsters behind the extortion scam and asked for one day to get the money together. They agreed to the delay and stopped the attack.

However, during that time Malik contacted his ISP Pipex who were already threatening to "black hole" his website as the attack was impacting the whole Pipex network and asked them to implement a Cisco Guard solution which effectively rerouted all traffic and cleaned it of the malicious traffic being generated by the crippling denial of service.

"The next morning they were emailing asking 'where is our money?'. When they realised we weren't going to pay-up they launched another attack but this time it had no effect."

Predictably this did not go down well. Malik received a string of abusive and threatening emails.

And to this day the attacks continue - though they have little impact on the NoChex website.

"I think they are still looking for a new way in," said Malik. Though he now employs several penetration testing companies to continually check he's leaving no door open for the Russian extortionists to return.

Malik reported the attack to Scotland Yard but as yet has heard nothing of the ongoing investigation.

Many other victims of such attacks, most commonly targeted at businesses such as online casinos, bookmakers and payment services, whose businesses are very time sensitive, have also spoken out about their problems.

Full Story.

More in Tux Machines

Graphics: Mesa 17.2.6 RC, AMDGPU, and Vulkan

  • Mesa 17.2.6 release candidate
  • Mesa 17.2.6 RC Arrives With 50+ Fixes
    While Mesa 17.3 is imminent and should be released as stable within the next few days, Mesa 17.2.6 is being prepped for release as the current point release.
  • 43 More AMDGPU DC Patches Hit The Streets
    While the massive AMDGPU DC infrastructure has been merged for Linux 4.15, the flow of improvements to this display code continues and it looks like the next few kernel cycles at least could be quite busy on the AMD front.
  • A Prototype Of The Vulkan Portability Initiative: Low-Level 3D To Vulkan / D3D12 / Metal
    A Mozilla engineer has put out a prototype library in working on the Vulkan Portability Initiative for allowing low-level 3D graphics support that's backed by Vulkan / Direct3D 12 / Metal. With Apple sticking to their own Metal graphics API and Direct3D 12 still being the dominant graphics API on Windows 10, The Khronos Group has been working towards better 3D portability for where Vulkan may not be directly supported by the OS/drivers or otherwise available. They've been working to target a subset of the Vulkan API that can be efficiently mapped to these other native graphics APIs and to have the libraries and tooling for better compatibility and code re-use of these different graphics APIs.

Kernel: Linux 4.15, TLDR, and Linus Torvalds' Latest Rant

  • Linux 4.15 Adds AMD Raven Ridge Audio ID
    Not only is AMD Stoney Ridge audio (finally) being supported by the Linux 4.15 kernel, but it also looks like Raven Ridge audio should now be working too.
  • Linux 4.14.2 Fixes The BCache Corruption Bug
    Normally I don't bother mentioning new Linux kernel point releases on Phoronix unless there are some significant changes, as is the case today with Linux 4.14.2.
  • TLDR is what Linux man pages always should have been
    If you get stuck using a Linux tool, the first port of call shouldn’t be to Stack Overflow, but rather its “man pages.” Man — which is short for manual — retrieves documentation for a given program. Unfortunately, this can often be dense, hard to understand, and lacking in practical examples to help you solve your problem. TLDR is another way of looking at documentation. Rather than being a comprehensive guide to a given tool, it instead focuses on offering practical example-driven instructions of how something works.
  • Linux creator Linus Torvalds: This is what drives me nuts about IT security
    Developers are often accused of not thinking about security, but Linux kernel founder Linus Torvalds has had enough of security people who don't think about developers and end-users. After blasting some kernel developers last week for killing processes in the name of hardening the kernel, Torvalds has offered a more measured explanation for his frustration with security myopia. While he agrees that having multiple layers of security in the kernel is a good idea, certain ways of implementing it are not, in particular if it annoys users and developers by killing processes that break users' machines and wreck core kernel code. Because ultimately, if there are no users, there's not much point in having a supremely secure kernel, Torvalds contends.

Unity 7 Hoping To Become An Official Flavor For Ubuntu 18.04 LTS

While Canonical abandoned their work on the Unity desktop environment in favor of the Unity-inspired customized GNOME Shell that debuted in Ubuntu 17.10, some within the community have remained interested in maintaining Unity 7 and even getting it into an official spin/flavor of Ubuntu. Posted today to the community.ubuntu.com was a Unity maintenance roadmap, reiterating the hope by some in the Ubuntu community for Ubuntu Unity to become an official LTS distribution of Ubuntu. They are hoping to make it an official flavor alongside Kubuntu, Ubuntu Budgie, Xubuntu, and others. Read more Original/direct: Unity Maintenance Roadmap

Programming/Development: Django and Google India

  • An introduction to the Django ORM
    One of the most powerful features of Django is its Object-Relational Mapper (ORM), which enables you to interact with your database, like you would with SQL. In fact, Django's ORM is just a pythonical way to create SQL to query and manipulate your database and get results in a pythonic fashion. Well, I say just a way, but it's actually really clever engineering that takes advantage of some of the more complex parts of Python to make developers' lives easier.
  • Hey, Coders! Google India Is Offering 130,000 Free Developer Scholarships — Here’s How To Apply
  • Google to prepare 1.3 lakh Indians for emerging technologies

    "The new scholarship programme is in tandem with Google's aim to train two million developers in India. The country is the second largest developer ecosystem in the world and is bound to overtake the US by 2021," William Florance, Developer Products Group and Skilling Lead for India, Google, told reporters here.