33 replies
--closed--
#attacks #ddos #make #recent #wins
  • Profile picture of the author discrat
    Luckily, right now I do not have any huge campaigns running. I really feel for people who did and who were relying on this certain period to bring in more subscribers and customers into their funnels.
    I imagine many of you do so on a everyday basis.

    That really is a bad situation for a hell out of a lot people

    Just imagine, its like going to a regular job and your Boss tells you that unfortunately, you have to show up for work but for 3 or 4 days you do not get paid at all for your service.

    People would be outraged at their employer !
    {{ DiscussionBoard.errors[8995985].message }}
  • Profile picture of the author entrepreneurjay
    I think its just some eastern european hackers who probably have nothing better to do but mess with whatever they can.

    Same scenario as with Target but a much smaller company obviously.

    Just a guess I cant see competitors going that route but I guess anything is possible these days.

    P.S. Looks like Aweber is down once again.
    {{ DiscussionBoard.errors[8995987].message }}
  • Profile picture of the author awledd
    I know the term DDOS attack for a long time (maybe 5yrs) but I don't know what it really means. And do they not need some hosting account to launch the attack? I couldn't think of competitors maybe some hacker kids etc.
    {{ DiscussionBoard.errors[8995991].message }}
  • Profile picture of the author DWaters
    [DELETED]
    {{ DiscussionBoard.errors[8995998].message }}
    • Profile picture of the author entrepreneurjay
      Originally Posted by DWaters View Post

      I must express my ignorance on this issue. I see that the getresponse site cannot be accessed. Does that mean that the auto responder portion is not working as well? Should I hold off on any solo ads that have people opt-in to my getresponse auto responder?

      Yes definitely until everything is back to normal I would give it a week before I even thought about any paid ads.
      {{ DiscussionBoard.errors[8996057].message }}
      • Profile picture of the author DarrenMoore488
        Originally Posted by entrepreneurjay View Post

        Yes definitely until everything is back to normal I would give it a week before I even thought about any paid ads.
        Wise words, I've paused my PPC ads and plan on leaving them as such until things have clearly settled down.
        {{ DiscussionBoard.errors[8996075].message }}
        • Profile picture of the author rajhu
          There could be something MUCH bigger going on.

          This could simply be a preparation or test run of a much larger attack on the Internet itself.

          I have reason to believe that there are some very powerful (like super rich corporations and families) that may want to temporarily shut down the Internet for a day or two in order for them to be able to carry out some behind the scenes political moves.

          Also telephone, TV and other forms of communication may be shut off as well temporarily.

          Reason being is that behind the scenes there are many highly corrupt governments and many of those corrupt people may be going to be arrested at some point in the near future.

          There are good guys behind the scenes who are fighting the puppet master globalists and bankers who currently control much of the western world.

          Look up David Wilcock's blog and you can read much about this kind of stuff.

          Whether this is what's happening I don't know for sure. But it could very well be tied in with this.

          Here's just one of his posts (book length) on this issue. A very good read with lots of citations. If you've never read such stuff before you'll might be left in disbelief. But he supports it with plenty of verifiable facts.

          FINANCIAL TYRANNY: Defeating the Greatest Cover-Up of All Time

          Roger
          Signature

          Is it possible to look and feel like a healthy and athletic teenager at 41 years of age?

          Click here to watch "My Top 8 Anti-Aging Secrets Video."


          See my age defying PICTURES for yourself -- http://Be40Look20.com

          {{ DiscussionBoard.errors[8996148].message }}
  • Profile picture of the author Paul Myers
    Aside from revenge and "cause" based PR, there's the obvious: extortion. It's a common enough thing. "Pay us, or we DoS you."

    Not complicated.
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

    {{ DiscussionBoard.errors[8996064].message }}
    • Profile picture of the author TAZ87
      Originally Posted by Paul Myers View Post

      Aside from revenge and "cause" based PR, there's the obvious: extortion. It's a common enough thing. "Pay us, or we DoS you."

      Not complicated.
      you nailed it. There are organised gangs if you will, of hackers out there. They threaten to attack your site unless you transfer X amount of dollars.
      Signature

      Looking for a JV partner to get my product launched. contact me here if interested!

      {{ DiscussionBoard.errors[8996575].message }}
      • Profile picture of the author David Keith
        Originally Posted by TAZ87 View Post

        you nailed it. There are organised gangs if you will, of hackers out there. They threaten to attack your site unless you transfer X amount of dollars.
        This idea makes for a good sounding hollywood movie plot, but in the real world that just isnt happening very much.

        I am certainly not suggesting it never happens, but there is absolutely no evidence to suggest that any meaningful percentage of hacks/attacks on servers are demanding ransoms or payouts.

        If you think for just a second that would mean making some sort of very traceable electronic payment to someone somewhere....ie. making the perpetrators much easier to track down.

        The vast majority of attacks that are not after specific personal, financial, or trade secret data are meant to just be disruptive...nothing more.
        {{ DiscussionBoard.errors[8996597].message }}
        • Profile picture of the author Paul Myers
          David,
          I am certainly not suggesting it never happens, but there is absolutely no evidence to suggest that any meaningful percentage of hacks/attacks on servers are demanding ransoms or payouts.
          I couldn't begin to justify any opinion on the percentages. You can, based on experience I don't have.

          That said, I know a number of people and companies who've been hit with those kinds of demands. Including one of the ones recently hit with the NTP amplification attack.

          That doesn't mean they were all extortion efforts, of course. Even if they were all launched by the same people.
          I think there are just more assholes in the world that some of us would like to think...lol
          Despite my generally positive view of people, I have to agree with that.

          But then, 2% of humans are born with a condition that is functionally indistinguishable from some forms of sociopathy, so...


          Paul
          Signature
          .
          Stop by Paul's Pub - my little hangout on Facebook.

          {{ DiscussionBoard.errors[8996637].message }}
  • Profile picture of the author JimDucharme
    All we can do for now is speculate on when the next storm will come and if we are smart, do what each of us can to prepare for it. You just can't be sure what the reason or plan behind these attacks is (if it has any at all).

    I don't want to get specific, but over 3 years ago there was a phishing attack which hit numerous companies, not all of which at face value had close connections. Certain security people connected the dots within their own company/networks, but never went public with the information and so, no one was aware that other companies were seeing a similar MO on attacks. This lead eventually to data breaches at more than one company.

    I actually noticed something was up and sent out an email to an industry group I was a member of, suggesting there might be something up, but it never clicked and I (regretably) did not push harder on the concern. It was cold comfort when after the attack people took notice of me being one who suspected something was coming. Since then, I yell like a boy being chased by a wolf at the drop of a hat.

    My point is that the only way for you to get any sleep is to have ducks in a row and backup your data and have some kind of plan on how to deal with such issues. A DDOS attack is like a tornado and a data breach is like a fire -- have an escape and recovery plan.

    There's no way to be sure what the objective behind these attacks is, but it's certainly not good. However, I agree with Paul, I don't think this is some complicated conspiracy. It may be as simple as extortion as he said.

    Regards,
    jim
    {{ DiscussionBoard.errors[8996197].message }}
    • Profile picture of the author Paul Myers
      Jim,

      If you're talking about the spearphishing directed at ESPs a few years ago, that was slick. Disturbing, but a really smooth mix of hacking and social engineering.

      Whole different crowd now, I suspect. This NTP amplification attack is about as blunt an instrument as you're likely to see.
      I don't think this is some complicated conspiracy.
      I have heard all sorts of wild theories over the past few days.

      From what I have gathered so far, this round seems to be unconnected with the attacks on gaming sites. Same attack type, just different source and target universes.

      Earlier recent attacks targeted Spamhaus and the "Krebs On Security" blog. (Krebs' site got the 200 Gbps firehose.) Lots of tech firms have been hit, along with a number of ESPs.

      There are all sorts of motives for this behavior. Everything from revenge to extortion to plain, pure ego. ("I can destroy stuff, so I must be l33t and k3w1!") The one thing we can be sure of is that they will become nastier and more common.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[8996320].message }}
      • Profile picture of the author Paul Myers
        GlobalTrader,
        I believe there could be other reasons.
        Absolutely.

        While I've got reason to believe at least some of the current/recent ones are/were extortion attempts, there have been and will continue to be other reasons, including the ideological motivations you pointed out.

        And, given the tendency of people to mono-focus and become polarized online, this stuff isn't going to go away any time soon.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

        {{ DiscussionBoard.errors[8996328].message }}
        • Profile picture of the author Paul Myers
          Jim,
          It's absolutely vital that those who are victims of these attacks be as transparent as possible (within reason) or people will simply leap to their own conclusions.
          They're going to do that anyway. Especially in this market, where a significant chunk of the crowd refuses to believe anything that doesn't fit their cynical predilections. Those folks will repeat their fantasy theories over and over, like mindless robots on a perpetual loop, until they get others parroting their nonsense.

          It's natural for people to try and come up with explanations for things like this. We all do it. It's a bad idea to put too much faith in those surmisals, though, if you don't have something solid to base them on.

          As far as transparency, I agree completely. That's got to happen. With the way the market for this kind of thing is growing, it's just stupid to think you can get any sort of "security by obscurity" any more.

          As an example, the NTP monlist vulnerability has been there for many years, but once it hit the DDoS crowd's consciousness, it was game over as far as "secrecy." Matthew Prince is already talking publicly about the potential for SNMP amplification.

          He's also explained how the problem can be substantially reduced - and why it won't.

          Scary stuff.


          Paul
          Signature
          .
          Stop by Paul's Pub - my little hangout on Facebook.

          {{ DiscussionBoard.errors[8996358].message }}
  • Profile picture of the author GlobalTrader
    While I agree with Paul's suggested reason for these attacks, I believe there could be other reasons.

    There are zealots and elitists in all aspects of life, religion, politics and the Internet. Some of these zealot elitists have the belief that the Internet was created for free exchange of information and Aweber and other similar services are polluting their 'idea' of how the Internet should operate, thus they will try to punish the offender and see how much business they can cause them to lose?

    On my conspiratorial side - who knows, maybe the NSA is testing some new means of shutting down the Internet on a piecemeal basis that if successful will be expanded to a greater degree when they feel a shutdown is needed?

    As a final note - it appears they are still having issues as I just attempted to view something that was sent to me in an investment newsletter that was thru an Aweber link....so the conspiratorial zealotry extortion continues.
    Signature

    GlobalTrader

    {{ DiscussionBoard.errors[8996279].message }}
  • Profile picture of the author MattNic
    I think the only benefit is for the people who are DDOSing which is that they get a pleasure and satisfaction in hurting others and ruining things for people. I really hate it when people ddos
    Signature

    Problem solved! Get your own powerful cash generating system here and generate cash easily and ethically.
    Earn cash just by clicking a mouse!

    {{ DiscussionBoard.errors[8996305].message }}
  • Profile picture of the author JimDucharme
    Hi Paul,

    You don't miss much do you? Yes, that was the incident. Too many silos on that one and no one communicated and by that I am not pointing my finger at the ESPs. That attack originated with client side or at least, among the first to detect it was a security person at the Gates institute, but he never spoke up. I did speak up, but only among the ESP industry insiders group and frankly, I regret I didn't scream like a stuck pig. I definitely would not say these issues are related and I agree the gaming attack is likely not related either.

    And I do agree that at this point all we just don't know what the motivation is or if there is a strategy behind them. It's absolutely vital that those who are victims of these attacks be as transparent as possible (within reason) or people will simply leap to their own conclusions.

    Regards,
    jim
    {{ DiscussionBoard.errors[8996327].message }}
  • Profile picture of the author JimDucharme
    Good points Paul.

    There has been a shake-out going on in the ESP industry for about 4 years now with many acquisitions by large corps such as Oracle, IBM and SalesForce. This is one dynamic which may even have the effect of chilling the consolidation of the industry. People may begin to look for smaller (designer) ESPs who are much more niche focused and not trying to take over the world, and thus possibly less attractive as a target.

    Having said that, these DDOS attacks can also be much like aiming a laser pointer at a jet airliner - there is no sense to it...they do it because they can.

    Regards,
    jim
    {{ DiscussionBoard.errors[8996365].message }}
    • Profile picture of the author Paul Myers
      Jim,
      People may begin to look for smaller (designer) ESPs who are much more niche focused and not trying to take over the world, and thus possibly less attractive as a target.
      Maybe. The challenge is the constant lowering of the bar to entry for launching these sorts of attacks may make that a pointless move, at least from a defense perspective.

      Aweber, MailChimp, GetResponse and others will be harder targets after these recent attacks, so switching to smaller services isn't likely to bring any net improvement in security of access.

      There may be perfectly sound reasons to change providers from a business perspective. Still, avoiding the effects of a DDoS isn't likely to be one of them.
      Having said that, these DDOS attacks can also be much like aiming a laser pointer at a jet airliner - there is no sense to it...they do it because they can.
      People who engage in that kind of mindless destructiveness should be subject to severe reprisals. Branding springs to mind as one suitable response.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[8996381].message }}
  • Profile picture of the author Brent Stangel
    Super-villains with secret devices that can shut down the world, or specific parts of it, are no longer confined to espionage movies.

    "Here is a list of my demands, Mr. Bond..."
    Signature
    Get Off The Warrior Forum Now & Don't Come Back If You Want To Succeed!
    All The Real Marketers Are Gone. There's Nothing Left But Weak, Sniveling Wanna-Bees!
    {{ DiscussionBoard.errors[8996376].message }}
  • Profile picture of the author webdevgirl
    You can monitor the latest news on the GetResponse DDoS here:

    GetResponse Status
    {{ DiscussionBoard.errors[8996413].message }}
  • Profile picture of the author David Keith
    In my opinion, the vast majoirty of attacks/hacks are done just because they can...mostly just to be mean...disruptive.

    Of course you have the high profile data breaches where the target was CC numbers...an obvious target. But by in large these attacks are mostly just meant to be disruptive.

    There is almost never a ransom or blackmail type payment maid...although i have seen it. But most attackers dont want to attract that sort of attention to themselves.

    i remember a little over a year ago or so when hackers were using wp vulnerabilities to gain data center access to perpetrate these sort of attacks. I sat in a meeting as an HG consultant that included secrets service, fbi, and lots of other federal agency guys. Most of these attackers dont want that sort of attention.

    i think it was last year that some jerks off the coast of africa cut one of the few transatlantic internet cables coming into africa. They just went out there, dove down, and cut the damn line manually....just to be jerks i suppose.

    I think there are just more assholes in the world that some of us would like to think...lol
    {{ DiscussionBoard.errors[8996438].message }}
  • Profile picture of the author David Keith
    Paul, I guess i am looking at it from the perspective of knowing how many attacks are stopped cold...with virtually no issues ever being noticed by anyone. They are just a blip on some server management metric monitoring tool.

    When you see some of those sort of numbers you realize there are a bunch of people trying to be mean who just simply aren't skilled enough to do any damage.

    But I have also seen some of the various extortion attempts you allude to. I was fairly close to one of those and I can tell you the it was mere minutes from a secret service guy saying "let me see what i can find out" ...until the attack ended. This after almost 24 hours of relentless attacks.

    I guess my point is that if my website is hacked and i contact the secret service or fbi, they will tell me to call a tech guy. But if i contact them with a fairly popular website saying some guy in XXXX country is attacking my website trying to extort money from me then they are much more likely to listen and get involved. Thats not something most attackers want.

    I didnt try to stay as up to date on this aweber problem as i usually do. I am more relaxed in my "old age". but i can assure you if someone was trying to exploit money from a company with the size and reach of aweber they could have gotten some big boy law enforcement help.

    However if it was, as it appears to be, a simple techie vs techie type attack then those guys don't care about that really....aweber is not too big to fail in that regard.
    {{ DiscussionBoard.errors[8996664].message }}
    • Profile picture of the author Paul Myers
      David,

      I haven't heard anything about any extortion attempts directed at Aweber. It was another company.

      As far as the Secret Service, I don't really know how much they could do if the demands came from Pakistan or China, or even from an RBN-related entity. Maybe a lot, maybe nothing. If it's someone in most western countries, definitely not the kind of attention they'd want, certainly. An excellent point.

      I can think of all sorts of things I'd like to see done to these folks. None of them pleasant...


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      {{ DiscussionBoard.errors[8996682].message }}
  • Profile picture of the author Kishor Mhaskar
    Their can be bunch of Hackers as you say , but again why would they attack their own sites. While searching about recent site attacks I came to know taht some blackhat forums are also down. Interesting
    {{ DiscussionBoard.errors[8996923].message }}
  • Profile picture of the author Tim Fuhrman
    I always wonder if this type of thing gets started by people who maybe had account problems with the service provider and then this is their form of "revenge".
    {{ DiscussionBoard.errors[8996937].message }}
  • Profile picture of the author Joshua P
    Or are there just a bunch of hacker kids that want to show to
    their buddies how cool they are?


    this..
    {{ DiscussionBoard.errors[8996998].message }}
  • Profile picture of the author Myles Sinclair
    If you want to lose some sleep at night, take a look at this attack map of daily DDoS attacks wordwide - Digital Attack Map

    Easy to miss, as the text is almost invisible (at least on my monitor) but at the bottom of the graph it states - "Data shown represents the top 2% of reported attacks."
    {{ DiscussionBoard.errors[8997170].message }}
    • Profile picture of the author anton343
      Specialized online marketplaces exist to buy and sell botnets or individual DDoS attacks. Using these underground markets, anyone can pay a nominal fee to silence websites they disagree with or disrupt an organization's online operations. A week-long DDoS attack, capable of taking a small organization offline can cost as little as $150.


      source: What is a DDoS Attack? - Digital Attack Map
      {{ DiscussionBoard.errors[8997210].message }}
  • Profile picture of the author pewpewpewmonkeys
    I have reason to believe that there are some very powerful (like super rich corporations and families) that may want to temporarily shut down the Internet for a day or two in order for them to be able to carry out some behind the scenes political moves.
    Please continue to keep me entertained.
    Signature
    Some cause-oriented hackers recently hacked one of my websites. So I researched what they're about and then donated a large sum of money to the entity they hate the most.

    The next time they hack one of my websites I'm going to donate DOUBLE.
    {{ DiscussionBoard.errors[8997281].message }}
  • Profile picture of the author brutecky
    No one really benefits from DOS attacks. Now sometimes you have lame groups like Anonymous who do DOS attacks and claim its 'for the people' to punish evil company's (like Sony), as if denying service to a customer somehow helps the customer. But in the end DOS attacks really server no benefit to anyone.
    {{ DiscussionBoard.errors[8997435].message }}
  • Profile picture of the author derekwong28
    I suspect it is extortion as well. This has happened to a number of payment processors before.
    Signature

    Do not get between a wombat and a chocolate biscuit; you will regret it dearly!

    {{ DiscussionBoard.errors[8997612].message }}

Trending Topics