February 23, 2018


Attack of the zombies and other cyber-battles

A cluster of Florida companies is carving out a niche in protecting others' websites and e-commerce.

Mike Vogel | 6/11/2012
Attack of the Zombies
[Photo: iStock]

Last August, most likely in a forgettable dwelling in a nondescript burg in a former Soviet republic, a young man sat down to his computer in the late afternoon to wreak a little mayhem.

We can only guess, but he might have learned his computer skills at a university; he might be a self-taught teen. Collaborating with fellow hackers in Kazakhstan, Belarus, Peru and the United Arab Emirates, he began typing in code, marshalling an army of personal computers all over the globe that the hackers had infected with viruses. Unknown to the owners of those computers, their machines had become zombies serving in a hacker-controlled squadron called a botnet.

The viruses enable the hacker to command the entire botnet to send a torrent of data — multiple hits on a web page or e-mails, for example — in order to overload a targeted website and knock out its web server or e-mail network. Such attacks are called DDoS — distributed denial of service.

With his forces in place, the hacker entered a final command, and the assault began.

The bull’s-eye last August was SpaFinder, a $60-million revenue company based in New York that sells gift certificates to 20,000 spas around the world.

The SpaFinder attack was two-pronged: The first was a Layer 4 attack, which essentially attempted to overwhelm SpaFinder with more electronic knocks on the door than it could possibly answer. In brick-and-mortar terms, it’s like a mob descending on a store, making nonsensical requests that tie up the clerks while real customers are stuck outside. Once, it took some real tech savvy to mount such an attack. Now there are downloadable “DDoS in a box” kits online.

The second attack was a more sophisticated Layer 7, meant to go deep into SpaFinder’s website and ask for files or make requests that tie up lots of computing power and space.

The DDoS hacker’s motive is unknown — he may only have been seeking bragging rights for taking down a company’s site. Some DDoS hackers have a grudge. A few use the DDoS attack as a smokescreen to sneak deeper into the site to steal customer passwords, money or credit card data. Some DDoS attacks come with ransom demands to lift the attack, though payoffs are rare.

Famously, the self-styled activist group Anonymous uses DDoS — even inviting people to join and providing how-to help — for its agenda. In June 2011, Anonymous launched DDoS attacks on a privately owned Orlando visitors guide website, Mayor Buddy Dyer’s re-election campaign site and other Orlando organizations over a dispute about feeding the homeless in a park.

Digital Access

Add digital to your current subscription, purchase a single digital issue, or start a new subscription to Florida Trend.

An overview of the features and articles in this month's issue of Florida Trend.


Florida Business News

Florida Trend Video Pick

FIRST Robotics
FIRST Robotics

 Krunch Robotics club has six weeks to build a robot ahead of the FIRST Robotics regional meet in Orlando in March.

Earlier Videos | Viewpoints@FloridaTrend

Ballot Box

What's your favorite Florida beach? (tell us in comments)

  • The one nearest me, which is _____
  • One not near me, but I still think it's the best, which is ______
  • None, not a beach person

See Results

Ballot Box