[172053] in North American Network Operators' Group
Re: Large DDoS, small extortion
daemon@ATHENA.MIT.EDU (manning)
Thu May 22 13:22:56 2014
X-Original-To: nanog@nanog.org
From: manning <bmanning@karoshi.com>
In-Reply-To: <CFA37AA0.D24F9%jason_livingood@cable.comcast.com>
Date: Thu, 22 May 2014 10:22:24 -0700
To: "Livingood, Jason" <Jason_Livingood@cable.comcast.com>
X-MailScanner-From: bmanning@karoshi.com
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
negotiation is fine=85 a weakness is presuming to know what the perp =
wants (and many times they don;t know themselves)
so engagement is good =93The Cuckoo's Egg=94 is worth the read=85
/bill
On 22May2014Thursday, at 8:23, Livingood, Jason =
<Jason_Livingood@cable.comcast.com> wrote:
> On 5/22/14, 12:51 AM, "Beleaguered Admin" =
<dealing.with.ddos@gmail.com>
> wrote:
>=20
>> This has been going on for a long time -- almost every detail is
>> exactly the same as what is described here:
>> =
http://techcrunch.com/2014/03/03/meetup-suffering-significant-ddos-attack-=
>> taking-it-offline-for-days/
>>=20
>> He is in regular communication (via whois info and other collected
>> contact data) asking for <$1000 USD sums to stop the attacks.
>=20
> That article said that the company didn=B9t want to negotiate with
> criminals. As an aside I spent some time with a retired hostage =
negotiator
> on Tuesday (which was fascinating BTW). He actually said negotiation =
is
> always useful and sometimes paying a ransom demand can serve as a =
method
> to track where the money goes, to identify all the actors involved for
> later action (which may apply in this case). And sometimes financial
> demands are dropped as a result of negotiation.
>=20
>> Is it worth talking to law enforcement? Some of these have been =
>500k
>> costs to the customer, but we assume the person doing it isn't in any
>> western country, so maybe it doesn't even matter?
>=20
> You may find the law enforcement more interested in engaging within =
you
> than you might think.
>=20
> Jason
>=20
