Feeds

Miscreant menaces Meetup, minuscule money mania mashed

$300 or the trendy website gets it ... and the website got it

Securing Web Applications Made Simple and Scalable

Meetup.com has gone public with one of the most paltry ransom demands The Register has seen – but rather than pay up to end a distributed denial-of-service (DDoS) attack, the klatch organizer instead put up with its site being repeatedly hosed offline, we're told.

The website said its woes began on Thursday when it received a demand for a mere US$300 to halt a web traffic assault. Meetup.com CEO and co-founder Scott Heiferman posted the text of an e-mail he said he received from the extortionist:

“A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.”

Heiferman said the attack on his company's web servers began as soon as the message was sent, and in spite of various attempts to mitigate the assault, the incoming network flood knocked the site off the internet for 24 hours on Thursday, and again on a daily basis through to Sunday.

“While we’re confident that we’re taking all the necessary steps to protect against the threat, it’s possible that we’ll face outages in the days ahead,” Heiferman said today.

His conclusion is that the initial low-ball demand was simply a gambit: if Meetup.com had submitted to it, more money would have been demanded next time and word would have spread: “We made a decision not to negotiate with criminals”, Heiferman wrote. “This is an attack on everyone who believes that people can be powerful together.”

The Register would also speculate that the low-ball threat is designed to make any target simply pay up and shut up, leaving the attackers to move on to the next company. Either way, props to Heiferman for his response.

The company assures its users that their data has not been stolen: the DDoS attacks have been designed for the sole purpose of overwhelming the business's servers and keeping the site offline. ®

Mobile application security vulnerability report

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.