« Top Takeaway from the WhiteHat Website Security Statistics Report (May 2013) | Main | Stop Saying Cybersecurity When You Mean Infosec (and vice-versa) »

Wednesday, 22 May 2013

#DDoSjoke

Brian Krebs recently wrote articles about a disturbing trend: legitimized Denial of Service. The first story, DDoS Services Advertise Openly, Take PayPal,  exposes the emerging industry. The second story, Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?, relates an interview with Justin Poland, who admits to operating this DDoS Service and who claims that the site "includes a hidden backdoor that lets the FBI monitor customer activity." (This admission, if corroborated, partly answers my question, "if denials of service are not illegal, then why the hell not!")

I read Brian's articles, then found a referrral article at Sophos, DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney. Running a business based on disrupting other businesses is anethema to me, but for whatever reason, the image of  "a guy with an attorney" gnawed at my imagination and I could not help but construct and post a DDoS joke to Twitter.  Transcribing it here:

A guy with an attorney DDoSs a bar.

The bartender asks "Is this legal?"

Guy says "Pour me a beer and I'll tell you".

Bartender replies "I reserve the right to deny you service."

Attorney says "Are you one of my clients?"

It was either this or return to bed sobbing...

 

 

Posted at 11:46 AM in All matters security |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.

Your Information

(Name is required. Email address will not be displayed with the comment.)

Search

My Photo
The Skeptic's email address

Categories

Spotlight Posts

  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...
  • Economic impact payments (EIP) Phishing: US citizens under attack from US bases of phishing operations
    Dave Piscitello and Dr. Colin Strutt As part of the US Covid-19 virus tax relief effort (American Rescue Plan Act of 2021, H.R.1319), the US Internal Revenue Service (IRS) issued a series of Economic Impact Payments to millions of eligible citizens. The third payment was authorized in March 2021. Criminals took note of this well-publicized program and put a phishing campaign together to profit by stealing and subsequently exploiting personal information of US citizens. Like many phishing campaigns, EIP phishing emails and text messages mimic correspondence to convince US citizens to submit personal information or an advance fee payment at...
  • Study reports a 70% increase in phishing from May 2020 through April 2021
    My Interisle colleagues, together with Greg Aaron of Illumintel, have published a study of the scope and distribution of phishing. From 1 May 2020 through 30 April 2021, we collected nearly 1.5 million phishing reports. Our analyses found ~700,000 phishing attacks among the reports collected. Highlights from the study: Phishing increased by nearly 70% over the yearly period. Most phishing is concentrated at small numbers of domain registrars, domain registries, and hosting providers. The top 10 brands targeted accounted for 46% of the phishing attacks associated with specific brands. Phishing attacks are disproportionately concentrated in new Top-level Domains (TLD). We...
  • In new study Interisle Reveals Excessive Withholding of Internet WHOIS Data
    My Interisle colleagues, together with Greg Aaron, have completed an in-depth analysis of the effects of ICANN policy for WHOIS, a public lookup service that has until recently made it possible to identify who registered and controls a domain name. The European Union’s General Data Protection Regulation (GDPR), adopted in May 2018, restricted the publication of personally identifiable data in WHOIS. In response, the Internet Corporation for Assigned Names and Numbers (ICANN) established a new policy, allowing registrars and registry operators to redact (withhold) personally identifiable data from publication in WHOIS. The implementation of this policy has been widely criticized,...