March 3, 2015


Attack of the zombies and other cyber-battles

A cluster of Florida companies is carving out a niche in protecting others' websites and e-commerce.

Mike Vogel | 6/11/2012
Attack of the Zombies
[Photo: iStock]

Last August, most likely in a forgettable dwelling in a nondescript burg in a former Soviet republic, a young man sat down to his computer in the late afternoon to wreak a little mayhem.

We can only guess, but he might have learned his computer skills at a university; he might be a self-taught teen. Collaborating with fellow hackers in Kazakhstan, Belarus, Peru and the United Arab Emirates, he began typing in code, marshalling an army of personal computers all over the globe that the hackers had infected with viruses. Unknown to the owners of those computers, their machines had become zombies serving in a hacker-controlled squadron called a botnet.

The viruses enable the hacker to command the entire botnet to send a torrent of data — multiple hits on a web page or e-mails, for example — in order to overload a targeted website and knock out its web server or e-mail network. Such attacks are called DDoS — distributed denial of service.

With his forces in place, the hacker entered a final command, and the assault began.

The bull’s-eye last August was SpaFinder, a $60-million revenue company based in New York that sells gift certificates to 20,000 spas around the world.

The SpaFinder attack was two-pronged: The first was a Layer 4 attack, which essentially attempted to overwhelm SpaFinder with more electronic knocks on the door than it could possibly answer. In brick-and-mortar terms, it’s like a mob descending on a store, making nonsensical requests that tie up the clerks while real customers are stuck outside. Once, it took some real tech savvy to mount such an attack. Now there are downloadable “DDoS in a box” kits online.

The second attack was a more sophisticated Layer 7, meant to go deep into SpaFinder’s website and ask for files or make requests that tie up lots of computing power and space.

The DDoS hacker’s motive is unknown — he may only have been seeking bragging rights for taking down a company’s site. Some DDoS hackers have a grudge. A few use the DDoS attack as a smokescreen to sneak deeper into the site to steal customer passwords, money or credit card data. Some DDoS attacks come with ransom demands to lift the attack, though payoffs are rare.

Famously, the self-styled activist group Anonymous uses DDoS — even inviting people to join and providing how-to help — for its agenda. In June 2011, Anonymous launched DDoS attacks on a privately owned Orlando visitors guide website, Mayor Buddy Dyer’s re-election campaign site and other Orlando organizations over a dispute about feeding the homeless in a park.

Digital Access

Add digital to your current subscription, purchase a single ditgital issue, or start a new subscription to Florida Trend.

An overview of the features and articles in this month's issue of Florida Trend.


Florida Business News

Florida Trend Video Pick

Brevard man finalist for one-way trip to Mars
Brevard man finalist for one-way trip to Mars

A Merritt Island man has advanced to the final round of 100 candidates vying to be selected as astronauts by the Mars One Foundation, which wants to establish a human settlement on the Red Planet in the next decade.

Earlier Videos | Viewpoints@FloridaTrend

Ballot Box

Is this the year Florida's legislature will accept billions of dollars in Medicaid expansion?

  • Yes, legislators can't avoid it. It's our money.
  • No, the House won't approve anything related to Obamacare.

See Results

Ballot Box