Meetup.com Battles DDoS Attacks

[Reefa]

The website Meetup.com is back online after a powerful distributed denial-of-service attack was launched against the site.

The attack began Thursday when an attacker sent an extortion demand for $300 to Meetup CEO Scott Heiferman in an email. According to the CEO, the attack began simultaneously, overwhelming the site's servers with traffic.

"We got to work mitigating the attack, but we remained unavailable for nearly 24 hours," he blogged. "Service was restored Friday at 9.30am EST, but it took many hours for the changes we implemented to defend against the attack to be distributed across the Internet. Many folks did not see us come back up before we were hit again."

"On Saturday at 4 pm EST, we received another severe DDoS attack," he continued. "By midnight EST, the engineering team implemented a new solution, and Meetup’s website and apps were widely accessible again. On Sunday, at 8:09 pm EST, another strong attack began again, taking Meetup down for a third time. We spent the past several days taking every step to ensure the site and apps are available."

The site was down for part of the day as the company recovered from the attack.

Heiferman blogged that the company did not pay the ransom because it does not negotiate with criminals and capitulating could make the site a target in the future.

"The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated," he opined. "We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world."

Heiferman made the right decision not to negotiate, said Frank Ip, vice president of U.S. Operations at NSFOCUS, adding that it could start "a vicious cycle that we've seen in similar circumstances."

"Fortunately, the perpetrator is not very sophisticated in this case, as he is using a lot of resources to launch a massive volume attack that is only causing periodic Web and mobile outages," he said.

Source

[Reefa]

March 5, 2014 , 3:22 pm Updated:

Social networking site Meetup.com is finally back online today, yet officials at the site are warning it could still face future outages following a series of sustained distributed denial of service attacks (DDoS) over the weekend.

Meetup is a social networking portal that allows individuals with common interests to converse and convene. The 12 year old site boasts nearly 16 million users who host and attend almost 316,000 meetups a month.

According to a blog post on Monday by Scott Heiferman, the site’s co-founder and CEO, Meetup.com’s “tough weekend” started a day early on Thursday last week when the first of what would eventually be three DDoS attacks crippled their servers. The site remained offline for about 24 hours on Friday before going down again on Saturday at 4 p.m. Thanks to some security changes the Meetup.com team implemented in the meantime the company was able to get the site back up by midnight Eastern Standard Time that night to make the service’s apps and site available to users.

After a relatively calm Sunday the third DDoS attack hit at 8:09 EST that night. With site engineers working feverishly to restore the site’s elements, Meetup popped back online on Monday at 4:30 p.m. EST.

According to the Heiferman the attack was apparently preceded by an email that suggested the DDoS attack could have been mitigated had Meetup.com paid $300:

Date: Thu, Feb 27, 2014 at 10:26 AM

Subject: DDoS attack, warning

A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.

Heiferman claims the company agreed not to pay the amount stressing that Meetup didn’t want to negotiate with criminals and set a nasty precedent. The attack started “simultaneously” after.

“Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world,” Heiferman wrote Monday, adding that if the attackers were simply low-balling them on the $300 the criminals might have just taken their money and then simply demanded more.

While experts agree that Meetup.com’s decision was ethical, some believe the site could have benefited from an established cyber-attack defense plan.

“Long before the demand for cash was made, attackers were likely probing the Meetup service, searching for vulnerabilities and preparing to launch an attack that would do the most harm,” said Ashley Stephenson, the CEO of Corero Network Security, a firm that specializes in DDoS prevention, on Tuesday.

A FAQ posted yesterday by Meetup about the outage assures its users that none of their information was accessed or stolen, the DDoS just made getting onto the site tricky, which in turn made difficult to do its job, let Meetup groups actually Meetup.

To repay its users Meetup.com is crediting all users classified as Organizers with seven extra days. Organizers are basically members of Meetup.com who pay a fee to use the service to find like-minded individuals and set up Meetups. The FAQ adds that any Organizers who were supposed to renew their accounts over the weekend but couldn’t as the site was down have had their renewal periods extended as well.

While Heiferman claims the company will continue to not pay the hackers, he does promise the site will “stable and reliable soon.”

Meetup claimed Tuesday it was still working to restore user functionality and working thru the email queue.

“It’ll take time,” the group tweeted Tuesday.

Source