Tech Startups Are Targets of Ransom Cyberattacks
bits.blogs.nytimes.comA great way to push policies and technologies towards a more regulated Internet.
I might have my tinfoil hat on here but without any doubt we need to make away with all the centralization because that's what is the problem, really.
Aggressive push towards distributed services - think bittorrent/sync and bitcoin/blockchain technology as the solution to distributed network attacks.
Challenge accepted?
The hard problem there is the business model, not the technology.
Namecoin, Ethereum and Open Transactions come to mind.
Maybe the future is much more evenly distributed and we all make a living by offering energy and computing power to those services? Why did PGP never take off? I would love to set up my own "miner" for it to play its part in a truly decentralized and secure Email service. Open source as the "business model" is key in that scenario.
I don't have enough energy nor am I smart enough to actually create those kinds of services but I do feel stuff like that is the way out of this mess.
Interesting articles on topic:
"Enter The Blockchain: How Bitcoin Can Turn The Cloud Inside Out"
http://techcrunch.com/2014/03/22/enter-the-blockchain-how-bi...
"Can Namecoin Obsolete ICANN (and More)?"
The problem here is that the money is made by providing commodity services rather than engineering effort. So the person who designs the innovative decentralized system makes much less money than the person who can throw a lot of cheap servers into a rack.
Bitcoin itself is possibly one of the first exceptions to that.
We could see more opportunities for distributed services to be monetized in similar ways. It needs to be done carefully, as there's a strong bias against "pre-mined" schemes.
Read up on DAO/DACs if you're interested ("Decentralized/Digital Autonomous Corporations/Organizations" https://en.wikipedia.org/wiki/Digital_Autonomous_Corporation https://en.bitcoin.it/wiki/Distributed_Autonomous_Community_...). It's still mostly theoretical stuff, but Ethereum, ProtoShares, etc are working on these ideas.
Maybe if there was some kind of token connected with paying the services the originator would be able to stash a lot of them very cheaply at the very beginning of the network's lifecycle - think Bitcoin/Namecoin again.
I was speaking to someone in the esports industry yesterday who said that DDoS attacks have become a real problem in high tier tournaments. Apparently you can get a bot net which is more than capable of blowing out the whole opposing team for as low as $100.
The problem of DDoS in high tier gaming isn't a new one, probably 10 years or longer. What I don't understand however, is why these players who are affected by DDoS are still leaking their IP with Skype all the time.
Uninstall Skype, get a new IP, and it'll probably never happen to them again.
Or use a secret skype if it is necessary... A lot of streamers use skype to provide content of them interacting with others in an interesting way (and skype is pretty good for this without the hassle of ventrilo, mumble, teamspeak, or whatever alternative).
I don't see why more of them don't make token skype accounts regularly. It isn't much of a hassle and it raises the security bar quite a lot compared to always using the same account.
Also Twitch uses IRC for its chatting, so streamers (which have a lot of overlap here) frequently leak their addresses without realizing it.
heh...basecamp, meetup, vimeo, and bit.ly are 'small'.
Are there any documented instances of this happening to smaller startups? And, relatedly, are a set of best practices emerging to deal with this sort of a thing?
I'd be really curious to see best practices for smaller startups. We've never been hit with a DDOS, but bot attacks seem pretty commonplace. I'd love to see the open source community come together to create some mitigation strategies, though I admit I don't know what they would entail.
I naively think I could just go to cloudflare with my attacked site, am I wrong?
While certainly not a startup I manage an altcoin pool and DDOS seems to be a big deal in this space. In fact my pool (http://awesomehash.com) just got his this morning.
It's a really bad feeling. Our miners really have no reason to stay with us. For a majority of them, as long as the servers are up there's no difference between pools. If our servers go down, even through no fault of our own we stand to lose a bunch of our members, and who knows if they'll come back.
As for solutions, we implemented a few new iptables rules, and we ended moving from DO to another VPS provider who has DDOS mitigation. There really isn't much you can do.
I think the chances are "smaller" start ups are not a big target since they don't have the resources for future payoffs, or even initial pay offs. If it took the same effort would you rob a homeless man?
This stuff have been taking place in the Russian segment of the internet for several years and create a quite profitable business of DDoS protection.
"Even after the attack was mitigated, the attacker continued to send increasingly whiny emails."
What whiny emails did they send?
Incidentally, I recently noticed that Digital Ocean was also under attack and our servers were real slow for quite a few days, and i was wondering if Amazon/GoDaddy had anything to do with it :)