The Aftermath Of A DDOS Attack
By Sarah Lai Stirland and Carl Franzen, 10:20PM
As TPM has reported, our website was knocked offline Friday at 4:43 p.m. by a distributed denial of service (DDoS) attack. Earlier in the day TPM posted a series of mugshots of suspected members of the hacking collective ‘Anonymous.’
A noted web security expert recommended that to halt the attack, TPM should create a separate domain – just as Anonymous mirrored the Wikileaks website after it was taken down.
"You want to create a lot of targets as opposed to just one. Then there’s really no incentive to go after you," preeminent denial of service security expert Barrett Lyon said in a phone interview with TPM.
Lyon is famed for his role in tracking down Russian mob extortionists who employed denial of service attacks, a story recounted in the 2010 book Fatal System Error.
TPM first learned that it was the target of a distributed denial of service attack when our hosting company sent us an e-mail notifying us that our load balancer was receiving an extremely high hit rate and would be disabled.
The load balancer is the system that distributes incoming traffic among TPM’s web servers. It sits between TPM’s servers and the open internet.
Unfortunately, Lyon told TPM he thought it was highly unlikely that the attackers would ever be identified, let alone caught, because if they communicated their intentions at all, it was likely through a variety of private online channels, everything from anonymous email services to Internet Relay Chat.
"I don’t think you’ll have a lot of success with [identifying them]," Lyon said. "It takes years to track stuff like this down. You’re dealing with something that’s not necessarily cut and dry."
Lyon said that DDoS attackers are more readily identified when they go after extremely high-profile targets such as government and business websites, because those attacks draw more law enforcement resources toward finding them.
On the upside, Lyon did note that DDoS attacks are “pretty mundane.”
"DDoS compromises nothing as far as security, it just means that your network is broken. It’s like someone giving you a flat tire. They’re not breaking into your car."
He said that the real trouble comes when DDoS attacks are sustained over a long period of time.
"Imagine these guys continue to do it, they could hurt your business. That’s like having editorial control over your website."