Related link: http://www.csoonline.com/read/050105/extortion.html?action=print
Please, tell me I am not dumb :-) This fun article covers a recent DDoS extortion story again a betting company. They were asked for $40k ransom, they decided not to pay and spent several months and “a million dollars in lost revenue and IT investments to win this war.” How is that a victory? I think this story will give many folks exactly the opposite of the intended impression. Namely, “just pay up”.
When I read it first, I thought “what a great DoS fighting story”, but later I realized that it promotes the DoS business a lot more than anti-DoS business…
And, they did track the guy down, which is pretty cool. But I suspect that it is more of an exception than a rule, unfortunately.
Great
So basically you think that they should have forked over the $40k for that instance, and then another $40k the next time the extortionist needed some more pocket money, and so on and so on.
Let me ask you this, if this happened in meatspace, say a brickandmortar casino being shook down by the local organized crime syndicate, would you still think they should just pay up? It would be a helluva alot cheaper for us taxpayers if we didn't have finance the investigation and the subsequent prosecution, right?
Let me guess; you got your lunch money stolen by the school bully and you decided it was just "easier" to pay up than to stand up and risk a beating right?
In this case a guy built up a business to take on these thugs and maybe keep the internet from going further down the crapper for another day. I say: "Good for you guys, thanks for standing up to your agressors!"
Great
Well, I am not saying that, but I hypothesize :-) If they really spent $1m, that is about 25 times $40k. I do not suggest they pay the ransom 25 times, that is for sure.
Obviously, I am with the good guys in this case! However, I have doubts that given the circumstances the decision they chose made business sense.
Sometimes you should fight
In this case it is very good that they fought back. Yes they spent a lot more money than they would have had they just paid, but by fighting back they kill the problem once and for all. Otherwise you will be paying out extortion money every 2 months forever. This is not new. in the 10th century various English lords and kings paid the danes a huge amount to not raid them, the quanity of raids went up.
Great
That's exactly the kind of short-sighted thinking that criminals count on. It's what allows criminal organizations to get established in the first place, and history is pretty clear about the fact that success and power do not tend to make criminals more benevolent.
-rhs
Great
Another thing that IMHO matters in this case is that it is NOT "meatspace". I would probably never advocate such practice in the real world, BECAUSE there is a clear and distinct possibility of catching the guy. At this stage (2005), it seems to be that most Internet crime apprehensions are a matter of luck and not a known probability.
Great
All the more reason not to back down. The only way that we will get to the point of having a clear and distinct probability is by making the effort to get good at catching the criminals. That's going to take trial and error, practice, and patience.
-rhs