Your money or your files?


Jamie Bartlett

June 13, 2014

For much of yesterday, Feedly, the RSS reader, was offline. It had been targeted by what is called a DDoS: a distributed denial of service. In a DDoS attack, a website is flooded with requests from computers, which overwhelms the server and prevents legitimate requests from getting through. For all intents and purposes, a DDoS attack knocks a website offline.

DDoS attacks are not that uncommon, and surprisingly easy to do. You don’t need to be a master ‘black hat’ hacker to do it. One common way is simply to download software, such as a ‘Low Orbit Ion Cannon’ – the name is taken from a computer game. LOIC was originally a system used to stress test the bandwidth of networks. But it was released into the public domain and can be accessed with a simple download. (It’s been downloaded 15 thousand times this week.) LOIC was used by supporters of the group Anonymous in their attacks on the Church of Scientology. More effective still, you can rent ‘botnets’, which are enormous networks of hacked computers that can also be used to target a DDoS attack on a website. In the hacking community, having a large botnet at your disposal is a boon, both financially and status-wise. It’s possible the Feedly hackers rented part or all of a botnet from a ‘botmaster’ with the sole purpose of attacking Feedly.

But what made this attack – which has since been neutralised – interesting is that the attackers demanded a ransom to stop (although no-one knows how much). This is the new vogue in hacker circles. The same thing happened last year to Heynep Capital Markets and to MeetUp. Feedly refused to negotiate with the attackers (something which most Feedly users agreed with). Instead, they worked with law enforcement and network providers to neutralise the attack. We all agree with this noble principle, because giving in incentivises the attackers and makes such activity more profitable, and therefore more likely.

But what if your own stuff was hacked and you were held to ransom? Bad news: that’s already happening. The last few months have seen a surge in what’s called ‘crypto-ransomware’. This annoying malware accesses your computer files and encrypts them all with powerful software that only the attackers can unlock. Soon after, a ransom note pops up on your computer: ‘Your personal files are encrypted’. The most common of these – but not the only one – is called CryptoLocker, which arrived late last year. Most victims were asked to pay $300 to get access to their family photos, work files, et cetera.

To negotiate with criminals, or not – you might soon have to make that decision for yourself. Or, better still, back up your computer files.

