DoS & Russian Mobsters

Introduction
As most of you are most likely aware, Newgrounds suffered from an accidental DoS (denial of service) attack in the past week. It was triggered, innocently enough by the over-excitable fandom of Homestuck.

While I was away from Newgrounds at the time of the meltdown (most likely sleeping), reading about it afterwards did pique my interest in DoS attacks.

The term first came to my attention during the 2011 spring/summer hackfest (when Anon, LulzSec and other groups were romping around the internet and causing havoc for businesses like Sony and Amazon). A friend explained the concept to me quite aptly:

"Think of a website as a building on a high street, people are ambling along in and out the front doors, going in to have a nosey around and maybe leaving with a shopping bag or two. Now think of a thousand, two thousand people all trying to fit through those front doors at once, some of them are genuinely wanting to get inside, others are just acting with a crowd mentality and flailing around everywhere. The end result? Nobody gets in. That in essence is DoS"

He was also quick to point out that DoS attacks aren't really "hacking" and that those responsible are spotty faced teenagers, empowering themselves with a vague sense of rebellion for fighting against the "man". Probably not all that far away from our aforementioned Homestruck fandom.

The problem is, turns out he's wrong. Dead wrong. Some investigative journalism from Evan Ratliff for The New Yorker back in 2005 describes the DoS world not of spotty teenagers and flash fans, but of Russian mobsters, protection rackets and thousands and thousands of dollars. This is some scary stuff.

The Scary World of Online Racketeering
But first, some further background is required on how DoS attacks are orchestrated (feel free to skip this section if this is old hat to you).

DoS attacks require large networks of computers sending out enough requests for data to bring the data providers (i.e servers) to their knees. This is done with herders and their respective zombies. "Zombies" are computers hijacked by hackers, usually without the owners knowledge. Hackers garner huge pools of these zombie computers and "herd" them to their chosen target. All this can and does take place hidden from the view of a zombie computer user. The problem is so widespread that even computers from within the United States Navy's Network Operations Centre and Department of Defence Military Sealift Command Network are infected.

Online criminals are using these huge hordes of zombies to bring businesses to their knees. They tend to target online industries, such as pornography and gambling, that occupy a gray area, and may be reluctant to seek help from law enforcement.

Protx, an online-payment processing company has also been attacked by these online extortionists. It began in August 2004. The company received an email with the subject line "Contact us", sent from commerce_protection@yahoo.com. The message was written in broken English:

"We attack your servers for some time. If you want save your business, you should pay 10.000$ bank wire to our bank account. When we receive money, we stop attack immediately. If we will not receive money, we will attack your business 1 month". The note went on to say that $10,000 would buy Protx a year's worth of protection before concluding "Think about how much money you will lose, while your servers are down. Thanks John Martino".

Protx had never heard of John Martino and decided to ignore the message. Fast forward two months and Protx's IT department is working overtime, dealing with complaints from customers that the system was offline. The source of disruption was clear, a DoS attack.

Another email promptly arrived from John Martino reiterating his demands of £10,000 and it took the IT technicians 2 days to get the systems back online, with every second of downtime losing the company money.

All returned to normal, for a short period of time until April, when Mr.Martino contacted the company again and used a horde of 70,000 zombies to keep the website offline for 3 days.

The company now spends roughly $500,000 a year to protect itself, fifty times what Martino had asked for. This includes a $100,000 annual contract with Prolexic, an online security company that specialises in defending against DoS attacks.

Protx is only one company though. There are literally dozens of other online services currently under siege with similar threats today. With federal resources within America already stretched to their full capacity, handling everything from child pornography to identify theft it's becoming clearer for private businesses that they're very much on their own in this, much scarier world of DoS.

What does this alarming trend mean for us as consumers of online services and netizens of online communities?