October 20, 2014

Cyber-Security

Attack of the zombies and other cyber-battles

A cluster of Florida companies is carving out a niche in protecting others' websites and e-commerce.

Mike Vogel | 6/11/2012

Last August, most likely in a forgettable dwelling in a nondescript burg in a former Soviet republic, a young man sat down to his computer in the late afternoon to wreak a little mayhem.

We can only guess, but he might have learned his computer skills at a university; he might be a self-taught teen. Collaborating with fellow hackers in Kazakhstan, Belarus, Peru and the United Arab Emirates, he began typing in code, marshalling an army of personal computers all over the globe that the hackers had infected with viruses. Unknown to the owners of those computers, their machines had become zombies serving in a hacker-controlled squadron called a botnet.

The viruses enable the hacker to command the entire botnet to send a torrent of data — multiple hits on a web page or e-mails, for example — in order to overload a targeted website and knock out its web server or e-mail network. Such attacks are called DDoS — distributed denial of service.

With his forces in place, the hacker entered a final command, and the assault began.

The bull’s-eye last August was SpaFinder, a $60-million revenue company based in New York that sells gift certificates to 20,000 spas around the world.

The SpaFinder attack was two-pronged: The first was a Layer 4 attack, which essentially attempted to overwhelm SpaFinder with more electronic knocks on the door than it could possibly answer. In brick-and-mortar terms, it’s like a mob descending on a store, making nonsensical requests that tie up the clerks while real customers are stuck outside. Once, it took some real tech savvy to mount such an attack. Now there are downloadable “DDoS in a box” kits online.

The second was a more sophisticated Layer 7 attack, meant to go deep into SpaFinder’s website and ask for files or make requests that tie up lots of computing power and space.

The DDoS hacker’s motive is unknown — he may only have been seeking bragging rights for taking down a company’s site. Some DDoS hackers have a grudge. A few use the DDoS attack as a smokescreen to sneak deeper into the site to steal customer passwords, money or credit card data. Some DDoS attacks come with ransom demands to lift the attack, though payoffs are rare.

Famously, the self-styled activist group Anonymous uses DDoS — even inviting people to join and providing how-to help — for its agenda. In June 2011, Anonymous launched DDoS attacks on a privately owned Orlando visitors guide website, Mayor Buddy Dyer’s re-election campaign site and other Orlando organizations over a dispute about feeding the homeless in a park.
