December 1st, 2008
AlertPay hit by a large scale DDoS attack
Timing is everything. Millions of account holders at privately owned online payment gateway AlertPay.com weren’t able to do business through the service yesterday, due to the fact that AlertPay was under a large scale DDoS attack, according to a notice left by a company representative. Seven hours of downtime right in the middle of the Christmas shopping season with millions of businesses using the service affected, isn’t coincidental. This DDoS attack, just like the recent DDoS attack again a popular anti-fraud site, may have well been outsourced.
AlertPay’s statement on the situation posted yesterday :
“We are currently expericing a large scale DDOS attack that has hit our sites which started at approximately 6:00am EST Sunday. We are working with our data center to resolve and/or mitigate this issue. More information will be posted here as we get updates. For the time being customers can connect to AlertPay at an alternate location: https://67.205.87.226″
Several hours later, AlertPay issued an update to the situation :
“We have finally mitigated the massive DDOS attack that started at 6:00am EST. Unfortunately it took almost all day to resolve. The site is operational now, and hopefully we’ll continue to tweak it more tomorrow to ensure this doesn’t happen again. We sincerely apologize for the inconvenience and we understand that this outage affects each of you personally. We’re sorry for that. We will continue to put measures in place so that outages like this do not occur again.
Ferhan”
There are two possible explanations regarding who’s behind the DDoS attack. It’s either unethical competition which in times of international economic meltdown can easily restore its market position by damaging the reputation and reliability of known competitor, or cybercriminals in “revenge mode” against a particular online payment processor that has detected their fraudulent activity, thereby causing them huge monetary losses. Despite the fact that online payment gateways have always been targets for DDoS extortionists, with malicious attackers introducing new models like the DDoS for hire one, they have empowered literally everyone knowing how to contact them with the opportunity to forward the responsibility for an attack to a third-party. Here’s a brief retrospective of DDoS attacks against online payment processors that took place during the last couple of years, with only a single instance of DDoS extortion :
- 2004 - Worldpay’s DDoS attack
- 2004 - Authorize’s DDoS attack
- 2004 - Authorize-It’s DDoS attack
- 2004 - 2Checkout’s DDoS extortion attack
- 2006 - StormPay’s DDoS attack
- 2008 - LibertyReserve’s DDoS attack
With DDoS extortion as a business model largely replaced by today’s DDoS for hire services, we’re inevitably going to witness more attacks throughout 2009.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
Subscribe to Zero Day via Email alerts or RSS.
