

Tech Startups Are Targets of Ransom Cyberattacks - bgray
http://bits.blogs.nytimes.com/2014/04/03/tech-start-ups-are-targets-of-ransom-cyberattacks/

======
hoggle
A great way to push policies and technologies towards a more regulated
Internet.

I might have my tinfoil hat on here but without any doubt we need to make away
with all the centralization because that's what is the problem, really.

Aggressive push towards distributed services - think bittorrent/sync and
bitcoin/blockchain technology as the solution to distributed network attacks.

Challenge accepted?

~~~
jiggy2011
The hard problem there is the business model, not the technology.

~~~
hoggle
Namecoin, Ethereum and Open Transactions come to mind.

Maybe the future is much more evenly distributed and we all make a living by
offering energy and computing power to those services? Why did PGP never take
off? I would love to set up my own "miner" for it to play its part in a truly
decentralized and secure Email service. Open source as the "business model" is
key in that scenario.

I don't have enough energy nor am I smart enough to actually create those
kinds of services but I do feel stuff like that is the way out of this mess.

Interesting articles on topic:

"Enter The Blockchain: How Bitcoin Can Turn The Cloud Inside Out"

[http://techcrunch.com/2014/03/22/enter-the-blockchain-how-
bi...](http://techcrunch.com/2014/03/22/enter-the-blockchain-how-bitcoin-can-
turn-the-cloud-inside-out/)

"Can Namecoin Obsolete ICANN (and More)?"

[http://theumlaut.com/2014/02/05/namecoin-
icann/](http://theumlaut.com/2014/02/05/namecoin-icann/)

~~~
jiggy2011
The problem here is that the money is made by providing commodity services
rather than engineering effort. So the person who designs the innovative
decentralized system makes much less money than the person who can throw a lot
of cheap servers into a rack.

~~~
tlrobinson
Bitcoin itself is possibly one of the first exceptions to that.

We could see more opportunities for distributed services to be monetized in
similar ways. It needs to be done carefully, as there's a strong bias against
"pre-mined" schemes.

Read up on DAO/DACs if you're interested ("Decentralized/Digital Autonomous
Corporations/Organizations"
[https://en.wikipedia.org/wiki/Digital_Autonomous_Corporation](https://en.wikipedia.org/wiki/Digital_Autonomous_Corporation)
[https://en.bitcoin.it/wiki/Distributed_Autonomous_Community_...](https://en.bitcoin.it/wiki/Distributed_Autonomous_Community_/_Decentralized_Application)).
It's still mostly theoretical stuff, but Ethereum, ProtoShares, etc are
working on these ideas.

------
hopfog
I was speaking to someone in the esports industry yesterday who said that DDoS
attacks have become a real problem in high tier tournaments. Apparently you
can get a bot net which is more than capable of blowing out the whole opposing
team for as low as $100.

~~~
eertami
The problem of DDoS in high tier gaming isn't a new one, probably 10 years or
longer. What I don't understand however, is why these players who are affected
by DDoS are still leaking their IP with Skype all the time.

Uninstall Skype, get a new IP, and it'll probably never happen to them again.

~~~
theboss
Or use a secret skype if it is necessary... A lot of streamers use skype to
provide content of them interacting with others in an interesting way (and
skype is pretty good for this without the hassle of ventrilo, mumble,
teamspeak, or whatever alternative).

I don't see why more of them don't make token skype accounts regularly. It
isn't much of a hassle and it raises the security bar quite a lot compared to
always using the same account.

------
rguzman
heh...basecamp, meetup, vimeo, and bit.ly are 'small'.

Are there any documented instances of this happening to smaller startups? And,
relatedly, are a set of best practices emerging to deal with this sort of a
thing?

~~~
zackliscio
I'd be really curious to see best practices for smaller startups. We've never
been hit with a DDOS, but bot attacks seem pretty commonplace. I'd love to see
the open source community come together to create some mitigation strategies,
though I admit I don't know what they would entail.

~~~
nraynaud
I naively think I could just go to cloudflare with my attacked site, am I
wrong?

------
solomatov
This stuff have been taking place in the Russian segment of the internet for
several years and create a quite profitable business of DDoS protection.

------
randall
"Even after the attack was mitigated, the attacker continued to send
increasingly whiny emails."

What whiny emails did they send?

------
raghumittal
Incidentally, I recently noticed that Digital Ocean was also under attack and
our servers were real slow for quite a few days, and i was wondering if
Amazon/GoDaddy had anything to do with it :)

