Foiling the “Russian” Hackers
Read how the Really Simple Systems’ development team foiled a DDoS attack from a supposed “Russian” hacking group trying to take the web site down.
While a fun place to work, excitement at Really Simple Systems is generally reserved for occasions out of the office, namely our User Conference, team-building trips, team lunches and the annual Christmas party! So yesterday’s events were quite unusual.
Yesterday morning our public web site, www.reallysimplesystems.com, was hit by what’s known as a DDoS attack, a Distributed Denial of Service. A DDoS attack is a cyber-attack where the perpetrator floods the targeted site with traffic in an attempt to crash it. Using more than one, and often thousands of, unique IP addresses, it looks to overload systems and block their legitimate use.
In general, DDoS attackers target high-profile companies, like banks and credit card companies, where disruption would cause a high impact. The motive is generally extortion.
So early yesterday morning, just before 7 am (BST), an attack on our website meant it was down for 15 minutes. An email to our CEO, John Paterson, purportedly from a Russian hacking group, claimed responsibility. They demanded the payment of $600 within 6 hours or they would take the site down again. The email contained details of their capacity to launch another attack.
Exciting indeed! Had the fame of Really Simple Systems reached such heights that down-time of its website should be deemed “high-impact”? As the company’s Marketing Manager, I thought the sum of $600 paltry. Nay, insulting! Surely they should be demanding at least $6,000?
Anyway, whilst I reflected on this, our Development Manager, Chris Tree, and Senior Developer, Matt Treagus, took time out from their work on our new CRM Version 5 to take the matter in hand.
To ensure our site was fully protected, Chris and Matt set about building multiple web servers to manage the load balancing and then installing DDoS protection. By the appointed hour everything was in place but nothing happened. Was our Russian friend bluffing?
Further investigation showed that the hacker’s email had been sent from an IP address in Los Angeles. This would have meant that the message was sent around 11 pm local time. It also seemed to have been sent from an Outlook account, suggesting not a very sophisticated hacker. Maybe one enjoying some high jinks, just before his bed-time?
This left us rather deflated. But then, as dawn broke over LA, our web site went down again! Chris and Matt jumped into action and switched on the protection. Bingo! The site came back up again with cheers all round!
So with our not-so-Russian hackers defeated, it’s back to business as usual.