In a recent podcast episode, stack.io CEO Hany Fahim talks about a series of massive Denial of Service (DoS) attacks that sidelined his clients, involved ransom letters, and led to a call from the FBI. The Denial of Service attacks led to a denial of sleep for the stack.io team.
It started with a buzzing phone
It was Saturday, October 17, 2015, at 10:30 p.m. Hany’s phone started buzzing. Generally, this isn’t a good sign. stack.io’s monitoring system was informing him that several of their customers’ sites had gone down.
“When your phone buzzes like that your heart tends to skip a few beats,” says Hany.
Welcome to the neighbourhood
Hany uses an every-day analogy to make this technical tale relatable – the local coffee shop. This shop, well-known and loved, represents a web application, and the loyal coffee drinkers are the end-users. The sidewalks, roads, and highways serve as the various networks that people can use to get to the shop. This is the World Wide Web we all know.
Continuing the analogy, the coffee shop has neighbours – a donut shop, burger joint, and barbershop. stack.io can be viewed as the property manager of these businesses.
Hany and his team were up and running quickly to identify and resolve the problem. The coffee shop was being hit by a DoS attack and traffic was up 2,500 percent. That means 25 times the normal numbers.
At the coffee shop’s busiest period, it would see about 40 people packed into its small retail space. The attack was akin to 1,000 people showing up all at once.
The attack, from Russia, Romania, and Ukraine, lasted only seven minutes, but it took a sleepless night for Hany to figure out the cause.
More security, more buzzing phones
While firewalls were already in place to protect the coffee shop, it was clear more security was needed.
Tuesday, December 8, 2015: Two months later, at 3 p.m. – primetime – came a bigger attack, with traffic increases of 3,000 percent. The coffee shop was spared, but the donut shop bore the brunt of the attack.
Wednesday, January 20, 2016: A third store – the local burger joint – was the target in yet another massive attack, the largest so far, with 12,500 percent more traffic than usual.
Tuesday, January 26, 2016: The coffee shop was hit again. Traffic was up 2,000 percent!
After significant research and financial spend, Hany was able to add new security measures to keep clients safe. But these would take some time to be fully implemented.
For almost two months, the days were uneventful, until things took a turn for the worse on Monday, April 18, 2016. The coffee shop received a ransom letter! Hackers threatened a mammoth DoS attack in seven days unless they were paid a protection fee of 11.41 bitcoins, about 6,000 Canadian dollars (at the time).
What to do? Hany’s team decided that paying the hackers was not an option. It would send a message that they could be bought. Instead, they proceeded with security improvements.
Again, on Friday, April 22, 2016, another attack. This time the coffee shop, donut shop, and burger joint were spared but the local barbershop was overwhelmed with a traffic increase of 4,000 percent.
While this was happening, the burger joint received its own ransom letter, with a hacker threatening to make their customer database public. Sounding remarkably different from the first ransom letter, this one wanted only “a modest consultation fee of $300 US dollars,” and also promised to point out security vulnerabilities in their systems.
The day before the first threatened attack, Sunday, April 24, additional modifications were made to the sites.
“Monday. Zero hour. I didn’t get much sleep that night and cancelled all the meetings for the day in anticipation of a day of battle. I remember walking up and down the halls of our office not really knowing what to do with myself,” says Hany.
However, in the end, nothing happened!
Hany’s team had spent three months working on a “scrubber” – a security system that would prevent any further attacks – and it was finally fully implemented.
Hany – tired and grateful – was relieved that his denial of sleep was over.
“I can tell you; I had the best sleep of my life that night,” Hany revealed.
If this wasn’t drama enough, about a year later, the FBI contacted Hany about the attacks. They were looking into similar attacks in the United States that seemed linked. The FBI had a suspect!
When the FBI completed its investigation, the suspected hacker was facing a 17-year prison sentence and a $750,000 fine.
For the full story with all the technical details, be sure to listen to the podcast.