Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

three million dollar botnet attack in Japan

From: David Farber <dave () farber net>
Date: Sun, 1 Jun 2008 16:27:44 -0700

________________________________________
From: Rod Van Meter [rdv () sfc wide ad jp]
Sent: Sunday, June 01, 2008 8:57 AM
To: David Farber
Subject: three million dollar botnet attack in Japan

Dave, for IP, if you wish...

http://www.yomiuri.co.jp/dy/national/20080601TDY01305.htm

Botnet cyber-attack costs company 300 million yen
Kenichiro Tanaka Yomiuri Shimbun Staff Writer

A type of blackmail is increasing in Japan in which a blackmailer
bombards companies' Web sites with data sent from tens of thousands of
virus-infected personal computers to hamper browsing of their sites.

Attackers demand money in return for stopping their cyber-attacks. A
source said one major Tokyo company suffered more than 300 million yen
in damage because access to its site was halted for a week due to the
repeated "denial of service" attacks.

Net security firms have issued an alert over this new type of
blackmail.

On Dec. 27, it became impossible to browse the Tokyo company's site for
its normal offerings of travel, bar and restaurant information and the
sale of daily commodities. Immediately afterward, a person claiming to
be from a Net security company sent a e-mail in Japanese to the site
operator.

The mail read: "Is your company's Web site still inaccessible? There is
a problem with your site so we're offering to fix it. The repair fee is
480,000 yen. If you don't pay the fee, you may suffer [further]
attacks."

The denial-of-service attacks continued for a week as the site operator
ignored the perpetrator's demand for money.

A check of communication records found the denial-of-service attack had
sent data at a rate of as much as 6 gigabytes a second. This means that
tens of thousands of personal computers were accessing the site
simultaneously, causing the operator's telecommunication lines to break
down.

<snip>

Speaking entirely personally, of course...

Without going into a lot of analysis, if most of the botnetted machines
doing the DOS attack are in China, that inevitably means that the
international lines are heavily clogged; there are only a handful of
those between China and Japan, and it should be relatively easy to
install a block there (a bad solution in many ways, but a worse
problem).

(I haven't looked at the exact numbers on a recent map, but I doubt
there's 50Gbps between China and Japan -- and there's *definitely* not
so much bandwidth between the two that 50Gbps of DOS attacks would go
unnoticed.  The numbers in the article are probably off.)

                --Rod





-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: