What would you do if you got a note from some hackers threatening to take down your site unless you paid a $300 ransom?
That's exactly what happened to the Meetup site this past weekend. Meetup's CEO got a strange email stating that the site would be taken down unless he paid $300. By the time he read the email, though, it was too late.
The site was taken down, put up, and taken down again - just to prove a point.
The Meetup team is the first to publicly announce this type of hacker threat, but it's not the first company this has happened to. As it turns out, threats of this sort happen all the time.
There's a strong correlation, it seems, between this type of hacker threat and site downtime. Since Meetup is the first company to openly speak of these threats, details are somewhat unknown. But, it can be speculated that many sites experience 'downtime' due to a threat just like this one. Only, this writer is willing to bet that most sites simply pay up.
Meetup's team doesn't want to negotiate with the hackers. A spokesperson from Meetup told press that this kind of threat is often part of a never ending cycle. If the company were to pay the ransom once, when would it stop? There are, potentially, thousands of companies out there that have been paying high amounts to keep sites running for a long time. Just think about that.
What Can Be Done?
Some hosting services are trying to prevent hackers from performing this type of attack. Sadly, most businesses can't justify the cost of paying for DDoS protection. This type of protection is offered through various companies, but it's something that does mean an extra expense most of the time. If your site does come under this type of attack, the best thing to do is to go the Meetup route.
Let the media know about the attack. Will it stop your site from going down? Probably not. But, it will let hackers know that you won't negotiate, or be sucked into paying more money to prevent additional attacks. It's kind of like standing up and saying: "I won't stand for this." Maybe, just maybe, other companies will let the world know about this type of extortion, and that may lead to some kind of end.
An Interesting Tactic
So, how do hackers manage to bring down a site like Meetup (especially third-party hackers)? They use a Network Time Protocol tactic that essentially boils down to: sending a NTP request, asking a short question, and increasing traffic ten-fold, which brings down a site quickly. It's a simple tactic, but it's one that works very well. So well that a site like Meetup didn't really stand a chance.
Even if Meetup would have cooperated, the company didn't really have any time to respond. The site was shut down minutes after the email was read. Meetup was a victim here, but we also have to applaud the stance that the company took by not giving in to this threat.