Large DDoS, small extortion

Livingood, Jason Jason_Livingood at cable.comcast.com
Thu May 22 15:23:40 UTC 2014


On 5/22/14, 12:51 AM, "Beleaguered Admin" <dealing.with.ddos at gmail.com>
wrote:

>This has been going on for a long time -- almost every detail is
>exactly the same as what is described here:
>http://techcrunch.com/2014/03/03/meetup-suffering-significant-ddos-attack-
>taking-it-offline-for-days/
>
>He is in regular communication (via whois info and other collected
>contact data) asking for <$1000 USD sums to stop the attacks.

That article said that the company didnĀ¹t want to negotiate with
criminals. As an aside I spent some time with a retired hostage negotiator
on Tuesday (which was fascinating BTW). He actually said negotiation is
always useful and sometimes paying a ransom demand can serve as a method
to track where the money goes, to identify all the actors involved for
later action (which may apply in this case). And sometimes financial
demands are dropped as a result of negotiation.

>Is it worth talking to law enforcement?  Some of these have been >500k
>costs to the customer, but we assume the person doing it isn't in any
>western country, so maybe it doesn't even matter?

You may find the law enforcement more interested in engaging within you
than you might think.

Jason



More information about the NANOG mailing list