Heavily depends on company's presence in media and how much pressure the owner puts into it. The reports I submitted with evidence of DDOS and traces to the blackmail'er through IC3 form[1], none were replied.
On another side, as bliker mentioned, those are usually kids. Replying to them that you have submitted an official IC3 report usually stops them, and some were even asking to cancel the report.
> The shocking thing about these DDoS-for-hire services is that — as I’ve reported in several previous stories — a majority of them are run by young kids who apparently can think of no better way to prove how cool and “leet” they are than by wantonly knocking Web sites offline and by launching hugely disruptive assaults. Case in point: My site appears to have been attacked this week by a 15-year-old boy from Illinois who calls himself “Mr. Booter Master” online.
enabling source filtering in all networks will essentially kill off these UDP amplification attacks, because the attacker wouldn't be able to spoof your address as the source address.
Is there a good reason for someone to want a high volume of NTP requests? How do the owners of these servers not share more of the blame for sending so much data at a web server?
It should be straight forward to implement a protocol that each NTP server won't send data to the same ip more than once every 10 seconds regardless of the number of requests.
It's already been fixed. Newer version of NTP don't reply with more data than it gets sent, so you can't use the server for amplification. It's servers that have not been updated that are issues.
Where do you drop the packets? If your filter is inside your own network, and your bottleneck is your network connection to the outside world, then you're out of luck.
If you can arrange with your upstream internet access provider for them to filter out junk before it hits the bottleneck, then great - but that involves cooperating with people, which may take some time.
There will always be people who want to get some easy money and have the brains for that. Instead of playing the cat and mouse game we better take care that our networks are protected from, at least, small to mid-range DDoS attacks. The alternative is potential oppression from the governments - "you fear the bad guys, OK, then we will take some more freedoms from you and improve our surveillance to catch them".
Criminals work hard to re-invest their money in the upper world. Once they successfully do that punishing them can become very hard. Free, democratic and open societies are far more vulnerable to this than dictatorships, there you are either part of the 'in-group' or you're going to be hunted.
An open society makes the assumption that people play by the rules and that those that do not will be caught and can be punished. But in reality that assumption does not hold true. Witness the extent to which the Mafia has been able to ruin your country. They've managed to infiltrate the highest echelons of politics, live like kings and in general are so far above the law that it's farcical.
Punishment is for small time criminals. So yes, hackers, burglars, extortionists and so on stand some chance of being caught. But the big fish (in this case, the bosses of the hackers) will likely get away with it while some patsy does time.
Italy is the country where I live, but I'm not sure I'd call it "mine". If it were mine, I'd run it differently :-) I am not a citizen in any event.
I think you're wrong in any event: the more open and well run a society is, the harder it is for mafias to really take root. That's why they are stronger in places like Italy than in, say, Sweden: http://en.wikipedia.org/wiki/The_Moral_Basis_of_a_Backward_S...
And truth be told, there has been progress in the fight against the Mafia, just that it's a long slog, not something that's going to be fixed from one day to the next.
It's frustrating because Italy is one of the most beautiful countries in Europe and has many nice people living there.
Funny you should mention Sweden, they actually have quite a bit of gang activity and organized crime there. It's not as visible as the Mafia and definitely not as organized but being an 'open society' is definitely perceived as being ripe for the plucking by the not-so-nice elements in our world.
I find it favorable to compare with the other opposite: dictatorships. There you usually have very little small time crime, all the crummy criminals are caught and punished (usually very harshly). But the government is the elephant in the room in those countries, they are the real criminals.
I think that crime is somehow systemic, that it is almost impossible to have an open society without having crime in the populace and as that model shifts towards a more closed society the crime shifts with it until the majority of it is found amongst those that rule.
There simply is an element of society that will try to game any model in such a way that they maximize their pay-off while minimizing their potential exposure to hard work. Parasitic behavior. And being a parasite works, it's a good niche to be in and plenty of people that find the regular roads to riches closed to them for whatever reason figure that they're going to get theirs no matter what.
Regular warrants given after the attack (to get records or add logging and records) and no pre-existing logging on the network (enforced on providers, or done by a central entity with or without legal permission) makes it really hard to track down attacks which are short-lived, highly mobile, etc.
I'm not sure where the current, ideal, and historical tradeoffs have been for this.
Yes, but for the blackmail part, not the DDoS and then only if the perpetrators are in a country that cares to work with the laws of the victims country.
If all the ddos goes through a botnet, and the blackmail is done using Bitcoin, it could be really harsh for the authorities to find who is behind the attack.
Why do you think someone is innocent if they let some third party use their computer without permission? For essentially all malware that makes your computer part of a larger botnet, you have to be extremely careless to let it get on your device, not dissimilar to leaving your car unlocked when it is subsequently stolen and used in a crime (or just misused by playing kids). The latter is illegal[0], why should the former be ok?
Tell dont not to open .exe file in Email.
"What is .exe files?"
Dont use IE
"What is IE? Next time they click on it to get to the Internet"
Can You please stoping using XP?
"Why should I pay for upgrade when everything i do is working perfectly fine?"
Honestly, there are people who dont know Shxt. And they dont want to know about it either. To them even basic computer usage is extremely complex. That is why Tablet, is getting the traction in Grandma and others who dont want anything but a Internet and Application capable Appliance.
How much do you know about your car's internal combustion engine and components?
Your home electrical?
Your home plumbing? Natural Gas? Lawn care?
The pumps that fuel your car tank?
Not everyone can be an expert in everything. Someone who makes their living perfecting one of those aspects might look at things you do and say "don't do that, you're damaging it" but to you its "who cares? I just need it to work and its been fine up until now!"
Computers/software might be your thing but they're not Grandma's so don't push your agenda on someone just because they might have some ignorance you don't.
Yeah, exactly. We almost live in computers, most of our friends and colleagues do, but there are so many people for who computer is just a black box. And there is nothing to be angry about. You don't want car mechanic, or plumber to be thinking that you are an idiot, casual users don't want that either, they just have more important things to care about :)
Indeed. I used to catch tons of shit about not understanding cars from a mechanic friend until his laptop died and I helped him recover photos of his kids.
Now we're both content to be wizards of our own domains without talking down to each other about it.
I would have expected a lot of HN users and a majority of those working professionally in technology to have at least basic high school knowledge of electrical and mechanical principals.
If I where interviewing some one for a developer role and they had not at least heard of ohms law or similar basic principals I would probably pass on them.
"not dissimilar to leaving your car unlocked when it is subsequently stolen and used in a crime"
In the US at least, this is not a crime. If someone leaves their car unlocked by accident, why should they get punished if someone steals it and uses it for a crime?
Victim blaming is not the answer, it's just silly.
> In the US at least, this is not a crime. If someone leaves their car unlocked by accident, why should they get punished if someone steals it and uses it for a crime?
Negligence. If you own a powerful tool, you are at least in part responsible for it not to be misused. Similarly to how you are usually required to keep your guns locked away and are held responsible (at least ideally…) if someone steals them from your kitchen table and misuses them, you are held responsible if someone just sits in your car and drives off to kill someone.
> Victim blaming is not the answer, it's just silly.
Except that the victim in a DDoS is the person being ddos’d, not the random user who installed malware. If someone gave you a key and said “Enter this flat over there, take the computer, bring it to me and I’ll give you 10€“, you couldn’t later claim to be a “victim” because they stole your time. If someone sends you a file and goes “double-click this and you’ll get fantastic porn”, I don’t see how you could later claim to be a victim if they stole part of your data cap.
If someone tells you "Enter this flat over there, take the computer, bring it to me and I’ll give you 10€", its on you to realize that that is illegal (and morally wrong) and refuse to comply.
"Double-click this for fantastic porn", on the other hand, will sound perfectly legitimate to many unsuspecting computer users. And there is nothing inherently illegal about the act.
A gun is one of the few things you could reasonably make the negligence argument with. Anyone can get a car, or a knife, or a big plank, and leaving one in the street with no lock does not meaningfully contribute to crime.
If yes, how long does it normally take to get them? If At all? Weeks? Months? Years?
These days DDoS seems far too easy, far too common.