Meetup.com has gone public with one of the most paltry ransom demands The Register has seen – but rather than pay up to end a distributed denial-of-service (DDoS) attack, the klatch organizer instead put up with its site being repeatedly hosed offline, we're told. The website said its woes began on Thursday when it received a …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 3rd March 2014 21:45 GMT Vociferous

Why do I get the feeling that somewhere there is a high school computer lab which isn't sufficiently monitored?

1 3
1. Monday 3rd March 2014 23:29 GMT adnim
  
  It's easy enough
  
  to rent a botnet. And not exactly difficult to build one.
  
  A high school computer lab is not required... An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server. It only takes a few seconds to run a prepared script, it could be done whilst driving past without stopping.
  
  No I didn't down vote you.
  
  2 0
  1. Tuesday 4th March 2014 06:38 GMT Wzrd1
    
    Re: It's easy enough
    
    "An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server."
    
    True enough, but if every ISP actually configured their network properly, such an attack would be more difficult to pull off with spoofing. A spoofed MAC address is one thing, but one has to have an IP. Many spoofers still spoof an IP that is not part of the ISP network, hence should not have routing accepted.
    
    0 1
    1. Tuesday 4th March 2014 08:56 GMT KjetilS
      
      Re: It's easy enough
      
      You're usually behind a NAT gateway when connected to a wifi connection, so all you need is for the local router to accept your MAC address, which it has no reason not to.
      
      The ISP network only talks to the local router, which has a correct IP and MAC address.
      
      0 0
  2. Tuesday 4th March 2014 10:37 GMT Vociferous
    
    Re: It's easy enough
    
    > not exactly difficult to build one
    
    It's trivial to DDoS. You download the software, insert the IP or URL to hammer, and go. I said high school because like universities they often have gigabit networks, and unlike unversity students the culprit might feel that $300 was a lot of money. Plus the target was Meetup.
    
    > An open wifi connection and a device with a spoofed MAC address is enough to avoid being traced and to send a target IP address to a C&C server
    
    You are seriously overestimating the amount of effort (or planning) needed to DDoS a third-tier site like Meetup.
    
    >I didn't down vote you
    
    I don't mind downvotes. Until The Reg implements a "user X has replied to your post Y" function it's the best way to tell that a post may have garnered replies.
    
    1 0
Tuesday 4th March 2014 02:01 GMT Cliff

'Give me your wallet'

It's just coward-grade mugging. There's not even the skill, art or finesse of a good security breach, it's just thuggery.

To think, the internet used to be such a nice place before the public and ad men were allowed in.

0 0
1. Tuesday 4th March 2014 06:41 GMT Wzrd1
  
  Re: 'Give me your wallet'
  
  "To think, the internet used to be such a nice place before the public and ad men were allowed in."
  
  It's funny, I actually found a Viagra ad in my spam folder. I chuckled over it after I deleted the rubbish.
  
  We used to build stories out of SPAM captured by our mail filters. Such as enjoying our all expense paid vacation in the Virgin Islands, enjoying the fruits of our Nigerian investments and enjoying our discounted Viagra, with assorted additions to make the story flow better, but all from that crap inundating our filters.
  
  One finds stress relief somehow, as we can't shoot the bastards out of a cannon and into a midden heap.
  
  0 0
Tuesday 4th March 2014 11:22 GMT Dr Dan Holdsworth

Involve the cops pronto

Get the police involved, then agree to pay the money. Sort out some means of paying that is trivially traceable, and set Plod off to sniff down the blackmailers; pretty soon, exit crminial numpties stage left.

3 0
Tuesday 4th March 2014 14:32 GMT Eradicate all BB entrants

An alternative would have been ....

..... 'I will give you $500 for documented proof of who hired you' then hand over to the police if he agrees hopefully getting DDOS'r and his client in one.

0 0

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

Miscreant menaces Meetup, minuscule money mania mashed

COMMENTS

It's easy enough

Re: It's easy enough

Re: It's easy enough

Re: It's easy enough

'Give me your wallet'

Re: 'Give me your wallet'

Involve the cops pronto

An alternative would have been ....

Other stories you might like

Feline firewall woke developer to declaw DDoS disaster

Microsoft squashes SmartScreen security bypass bug exploited in the wild

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Cisco creates architecture to improve security and sell you new switches

OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories

French issue alerte rouge after local governments knocked offline by cyber attack

Japanese government rejects Yahoo! infosec improvement plan

H-1B visa fraud alive and well amid efforts to crack down on abuse

Crooks exploit OpenMetadata holes to mine crypto – and leave a sob story for victims

It's 2024 and Intel silicon is still haunted by data-spilling Spectre

Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

About Us

Our Websites

Your Privacy