--closed--

Luckily, right now I do not have any huge campaigns running. I really feel for people who did and who were relying on this certain period to bring in more subscribers and customers into their funnels.
I imagine many of you do so on a everyday basis.

That really is a bad situation for a hell out of a lot people

Just imagine, its like going to a regular job and your Boss tells you that unfortunately, you have to show up for work but for 3 or 4 days you do not get paid at all for your service.

People would be outraged at their employer !

I think its just some eastern european hackers who probably have nothing better to do but mess with whatever they can.

Same scenario as with Target but a much smaller company obviously.

Just a guess I cant see competitors going that route but I guess anything is possible these days.

P.S. Looks like Aweber is down once again.

I know the term DDOS attack for a long time (maybe 5yrs) but I don't know what it really means. And do they not need some hosting account to launch the attack? I couldn't think of competitors maybe some hacker kids etc.

Aside from revenge and "cause" based PR, there's the obvious: extortion. It's a common enough thing. "Pay us, or we DoS you."

Not complicated.

All we can do for now is speculate on when the next storm will come and if we are smart, do what each of us can to prepare for it. You just can't be sure what the reason or plan behind these attacks is (if it has any at all).

I don't want to get specific, but over 3 years ago there was a phishing attack which hit numerous companies, not all of which at face value had close connections. Certain security people connected the dots within their own company/networks, but never went public with the information and so, no one was aware that other companies were seeing a similar MO on attacks. This lead eventually to data breaches at more than one company.

I actually noticed something was up and sent out an email to an industry group I was a member of, suggesting there might be something up, but it never clicked and I (regretably) did not push harder on the concern. It was cold comfort when after the attack people took notice of me being one who suspected something was coming. Since then, I yell like a boy being chased by a wolf at the drop of a hat.

My point is that the only way for you to get any sleep is to have ducks in a row and backup your data and have some kind of plan on how to deal with such issues. A DDOS attack is like a tornado and a data breach is like a fire -- have an escape and recovery plan.

There's no way to be sure what the objective behind these attacks is, but it's certainly not good. However, I agree with Paul, I don't think this is some complicated conspiracy. It may be as simple as extortion as he said.

Regards,
jim

While I agree with Paul's suggested reason for these attacks, I believe there could be other reasons.

There are zealots and elitists in all aspects of life, religion, politics and the Internet. Some of these zealot elitists have the belief that the Internet was created for free exchange of information and Aweber and other similar services are polluting their 'idea' of how the Internet should operate, thus they will try to punish the offender and see how much business they can cause them to lose?

On my conspiratorial side - who knows, maybe the NSA is testing some new means of shutting down the Internet on a piecemeal basis that if successful will be expanded to a greater degree when they feel a shutdown is needed?

As a final note - it appears they are still having issues as I just attempted to view something that was sent to me in an investment newsletter that was thru an Aweber link....so the conspiratorial zealotry extortion continues.

I think the only benefit is for the people who are DDOSing which is that they get a pleasure and satisfaction in hurting others and ruining things for people. I really hate it when people ddos

Hi Paul,

You don't miss much do you? Yes, that was the incident. Too many silos on that one and no one communicated and by that I am not pointing my finger at the ESPs. That attack originated with client side or at least, among the first to detect it was a security person at the Gates institute, but he never spoke up. I did speak up, but only among the ESP industry insiders group and frankly, I regret I didn't scream like a stuck pig. I definitely would not say these issues are related and I agree the gaming attack is likely not related either.

And I do agree that at this point all we just don't know what the motivation is or if there is a strategy behind them. It's absolutely vital that those who are victims of these attacks be as transparent as possible (within reason) or people will simply leap to their own conclusions.

Regards,
jim

Good points Paul.

There has been a shake-out going on in the ESP industry for about 4 years now with many acquisitions by large corps such as Oracle, IBM and SalesForce. This is one dynamic which may even have the effect of chilling the consolidation of the industry. People may begin to look for smaller (designer) ESPs who are much more niche focused and not trying to take over the world, and thus possibly less attractive as a target.

Having said that, these DDOS attacks can also be much like aiming a laser pointer at a jet airliner - there is no sense to it...they do it because they can.

Regards,
jim

Super-villains with secret devices that can shut down the world, or specific parts of it, are no longer confined to espionage movies.

"Here is a list of my demands, Mr. Bond..."

You can monitor the latest news on the GetResponse DDoS here:

GetResponse Status

In my opinion, the vast majoirty of attacks/hacks are done just because they can...mostly just to be mean...disruptive.

Of course you have the high profile data breaches where the target was CC numbers...an obvious target. But by in large these attacks are mostly just meant to be disruptive.

There is almost never a ransom or blackmail type payment maid...although i have seen it. But most attackers dont want to attract that sort of attention to themselves.

i remember a little over a year ago or so when hackers were using wp vulnerabilities to gain data center access to perpetrate these sort of attacks. I sat in a meeting as an HG consultant that included secrets service, fbi, and lots of other federal agency guys. Most of these attackers dont want that sort of attention.

i think it was last year that some jerks off the coast of africa cut one of the few transatlantic internet cables coming into africa. They just went out there, dove down, and cut the damn line manually....just to be jerks i suppose.

I think there are just more assholes in the world that some of us would like to think...lol

Paul, I guess i am looking at it from the perspective of knowing how many attacks are stopped cold...with virtually no issues ever being noticed by anyone. They are just a blip on some server management metric monitoring tool.

When you see some of those sort of numbers you realize there are a bunch of people trying to be mean who just simply aren't skilled enough to do any damage.

But I have also seen some of the various extortion attempts you allude to. I was fairly close to one of those and I can tell you the it was mere minutes from a secret service guy saying "let me see what i can find out" ...until the attack ended. This after almost 24 hours of relentless attacks.

I guess my point is that if my website is hacked and i contact the secret service or fbi, they will tell me to call a tech guy. But if i contact them with a fairly popular website saying some guy in XXXX country is attacking my website trying to extort money from me then they are much more likely to listen and get involved. Thats not something most attackers want.

I didnt try to stay as up to date on this aweber problem as i usually do. I am more relaxed in my "old age". but i can assure you if someone was trying to exploit money from a company with the size and reach of aweber they could have gotten some big boy law enforcement help.

However if it was, as it appears to be, a simple techie vs techie type attack then those guys don't care about that really....aweber is not too big to fail in that regard.

Their can be bunch of Hackers as you say , but again why would they attack their own sites. While searching about recent site attacks I came to know taht some blackhat forums are also down. Interesting

I always wonder if this type of thing gets started by people who maybe had account problems with the service provider and then this is their form of "revenge".

Or are there just a bunch of hacker kids that want to show to
their buddies how cool they are?


this..

If you want to lose some sleep at night, take a look at this attack map of daily DDoS attacks wordwide - Digital Attack Map

Easy to miss, as the text is almost invisible (at least on my monitor) but at the bottom of the graph it states - "Data shown represents the top 2% of reported attacks."

Please continue to keep me entertained.

No one really benefits from DOS attacks. Now sometimes you have lame groups like Anonymous who do DOS attacks and claim its 'for the people' to punish evil company's (like Sony), as if denying service to a customer somehow helps the customer. But in the end DOS attacks really server no benefit to anyone.

I suspect it is extortion as well. This has happened to a number of payment processors before.