[172045] in North American Network Operators' Group
Re: Large DDoS, small extortion
daemon@ATHENA.MIT.EDU (Livingood, Jason)
Thu May 22 11:24:59 2014
X-Original-To: nanog@nanog.org
From: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
To: Beleaguered Admin <dealing.with.ddos@gmail.com>, "nanog@nanog.org"
<nanog@nanog.org>
Date: Thu, 22 May 2014 15:23:40 +0000
In-Reply-To: <CAN-S6ZqtwxcjGudh8Q+bW5u=7WEvz5Jn4Tdk-MmQ1u-9QHXhig@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
On 5/22/14, 12:51 AM, "Beleaguered Admin" <dealing.with.ddos@gmail.com>
wrote:
>This has been going on for a long time -- almost every detail is
>exactly the same as what is described here:
>http://techcrunch.com/2014/03/03/meetup-suffering-significant-ddos-attack-
>taking-it-offline-for-days/
>
>He is in regular communication (via whois info and other collected
>contact data) asking for <$1000 USD sums to stop the attacks.
That article said that the company didn=B9t want to negotiate with
criminals. As an aside I spent some time with a retired hostage negotiator
on Tuesday (which was fascinating BTW). He actually said negotiation is
always useful and sometimes paying a ransom demand can serve as a method
to track where the money goes, to identify all the actors involved for
later action (which may apply in this case). And sometimes financial
demands are dropped as a result of negotiation.
>Is it worth talking to law enforcement? Some of these have been >500k
>costs to the customer, but we assume the person doing it isn't in any
>western country, so maybe it doesn't even matter?
You may find the law enforcement more interested in engaging within you
than you might think.
Jason
