British e-tailers are trying to manage website disruption after they were systematically targeted this week by DDoS extortionists.
Bolton-based online reseller Scan International confirmed it first noted “unusual” amounts of traffic visiting its home page on Sunday, which continued until today, peaking at lunchtime.
MD Elan Raja told us the company also received an email from an anonymous source demanding payment of a ransom to put an end to the DDoS attacks; he refused to detail the amount requested.
“This has happened to various companies this week by individuals that are using e-tailers like an ATM,” he told us.
Raja said it has let the appropriate authorities deal and bolstered its defences, but he said at no point were the attackers able to obtain customers personal information as “our data is protected internally”.
“This is an attack on our external infrastructure,” he said, and “if you imagine our business in a house, the data is held in a secure room. The criminals cannot break down the door but keep ringing the bell”.
Technology e-tailer Aria Technology was also affected by website disruption on Tuesday.
Aria Taheri, Aria's managing director, said his firm’s website was knocked out on Tuesday afternoon for around two hours, one day after his firm received an blackmail demand via email for 16.66 Bitcoins ($4,000).
The blackmailers threatened to make the site unavailable for the whole of Wednesday unless payment was met, but actually started a series of intermittent attacks on Monday that continued into Wednesday morning and beyond.
“It was a powerful attack that also affected our providers,” Taheri told El Reg. “It was a consistent attack that has continued today [Wednesday],” he added. Aria reported the attack on its systems to Greater Manchester Police, Taheri confirmed.
Novatech, CCL and gaming biz Overclockers are also understood to be affected, although there is no concrete evidence that the attacks are connected. The companies were not available to comment.
Novatech’s website appeared normal on Wednesday morning and Scan’s website was slow to load or occasionally briefly unavailable. Aria’s website appeared to be functioning normally.
Taheri estimates his competitors were hit as part of the same DDoS attack, but this remains unconfirmed.
Back in March 2013 Aria’s website was also hit by a DDoS but the culprit was identified after a reward was posted, according to Taheri. The businessman is adopting the same tactics this time around offering a £15,000 reward for information that leads to a successful prosecution against the culprits.
DDoS-based extortion attacks have been a problem for many years. Initially, they were launched against online bookmakers at times of peak demand (Cheltenham Festival racing, Champions League football games etc.) but over time a wider range of targets have been affected.
One particular group of hackers called DDoS for Bitcoin (Distributed Denial of Service for Bitcoin) – or DD4BC – have been particularly active in blackmailing smaller businesses with packet flooding attacks over recent months.
The latest run of attacks are similar to previous extortion attack scams linked to DD4BC, which makes it a suspect, if nothing else. The evidence is circumstantial at best. DD4BC started off by attack Bitcoin firms, before expanding its range of targets including banks and Scandinavian firms.
A security firm praised Aria for standing up to extortionate demands.
Igal Zeifman, senior digital strategist at Imperva, a supplier of DDoS mitigation and web application firewall tech, commented: “By refusing to pay the ransom and posting a bounty instead, Aria is following the steps taken by companies such as Bitalo and Bitmain, who also decided to strike back against their DDoS extortionists."
"It is definitely doing the right thing. Based on our experience, despite the attackers’ robust threats, many of these attacks tend to be unimpressive and can be countered with ease, given the proper protection," added Zeifman. ®