At least two major web sites — one Israeli and one American — were disabled for several days last week, as a hacker group held the sites “hostage,” demanding a bounty for halting a massive distributed denial of service (DDoS) attack against them. The ransom? $300.
Full details of the attack were published by the American site, Meetup, which coordinates get-togethers between like-minded individuals on a wide variety of subjects, in many countries around the world. “No doubt, this has been a tough weekend for Meetup,” the company wrote in a blog post. “We faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We’ve had many hours of downtime over several days, a first for us in 12 years of growing the world’s largest network of local community groups.”
The attack began on February 27, the company said, with a huge volume of web connection requests hitting Meetup’s servers, eventually overwhelming them and freezing activities. It was nearly a week before administrators were able to take control of the servers again. In the blog post, Meetup co-founder and CEO Scott Heiferman wrote: “I received this email: ‘A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.’ Simultaneously, the attack began, our servers were overwhelmed with traffic, and our services went down.”
They stayed down for close to 24 hours, until administrators managed to wrest control of the servers again — only to lose control a day later, with recovery taking at least three days. “While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead,” he added. According to the company, details on some 60,000 meetups were affected by the attack.
It was a very sophisticated attack, considering that Meetup takes all the precautions it can think of to prevent problems like this — and the fact that the hacker was asking for only $300 made Heiferman even more suspicious, he said. “The natural question I know many of you will ask is why didn’t we pay, especially since the amount of money demanded was ridiculously small,” he wrote.
“First, we made a decision not to negotiate with criminals. Second, the extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more. And third, payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world,” he wrote.
A similar attack was launched against a large Israeli web site last week as well. A spokesperson for the company — a well-known web platform that has users around the world — said that the company, which identifies as Israeli, “did not want to discuss the details of the attack because it did not wish to make itself a further target, as anti-Israel hackers would be tempted to mount further attacks against us.” The spokesperson also asked that the company not be identified by name for the same reason.
Nevertheless, a company insider confirmed the details of the attack, citing the exact same email that Meetup’s CEO received. “Many of the users couldn’t access their accounts for several days,” the company source said. The platform is now operating normally, but numerous customers have been demanding compensation for lost time and work, the source said.
“This was the first time we experienced an attack like this, and to my knowledge it was one of the fiercest DDoS attacks ever perpetrated.” The source agreed with Heiferman on the possible motive for the “lowball” ransom demand. “You can’t pay off criminals. If they know they can get away with it they will be back again and again. Sooner or later you have to fight back, and we chose to do it sooner than later.”