By Keith Regan E-Commerce Times
09/23/04 10:15 AM PT
Glen Zimmerman, a spokesman for Authorize.net parent company Lightbridge, told the E-Commerce Times that the attacks began late last week and and were similar to previous incidents that involved an e-mail containing a warning along with promises to halt the attacks if money was wired to a certain location.
How Much is 'Free' Costing You? Learn how DaveRamsey.com saw a 567% uplift in ROI with Omniture. This complimentary guide and webinar cover the most important factors in selecting an analytics solution. Download Now.
Online malice again was targeted at one of the backbones of the Internet, with the launch of a denial-of-service attack against credit card processor Authorize.net reportedly coupled with an attempt to extort money to halt the barrage.
Authorize.net, which offers credit card processing services to online merchants and through third-party software providers, acknowledged the attacks yesterday.
In a note to members of the site, Authorize.net said the attacks had been going on for "a few days" and were "increasingly severe."
DDoS attacks seek to bring sites down by deluging servers with requests for information.
The attack appears to be similar to several denial-of-service hits that occurred over the summer, when Web infrastructure provider Akamai Systems was targeted and just a week later, interactive advertising company DoubleClick (Nasdaq: DCLK) was struck by a DDoS attack that left that company's servers temporarily unable to deliver ads to thousands of popular Web sites.
The attack also comes less than a week after leading Internet security company Symantec (Nasdaq: SYMC) warned in its twice-yearly report on Web threats that e-commerce had quickly become an popular attack target, marking a shift away from hack attempts meant to gain notoriety and respect from other hackers toward those whose aim is monetary.
'Near the End'
Glen Zimmerman, a spokesman for Authorize.net parent company Lightbridge, told the E-Commerce Times the attacks began late last week and mirrored previous incidents that involved an e-mail containing a warning of the attacks along with promises to halt them if money was wired to a certain location.
"We immediately involved the authorities," Zimmerman said, adding that the FBI's cybercrime unit is investigating. "We also started to work right away to minimize the disruptions from the attacks," through capital improvements to its server network and other measures, he said.
Based in Bellevue, Washington -- and formerly a unit of Infospace until Lightbridge purchased it in April for $82 million -- Authorize.net has about 110,000 customers, Zimmerman said, the vast majority of them small merchants selling items ranging from "afghans to pet medications."
He noted that payments were not lost, but instead may have been delayed or refused by any outages caused by the attacks. Authorize.net acts as a Web-based middle man, taking credit card information from merchants and processing them with the card companies.
Although the attacks have been occurring on and off for nearly a week now, "You could measure the entire time we've been unavailable in minutes rather than hours," Zimmerman said. "But we recognize that we're the lifeline for many of our merchants."
"We are very optimistic that we're near the end," he added.
Familiar Refrain
Graham Cluley, an analyst with antivirus firm Sophos, noted that many of the recent worm outbreaks, such as several of the numerous Netsky variants, have had a secondary goal: to turn infected computers into zombie machines that can become part of a DDoS attack.
Most distributed denial-of-service attacks now involve zombie machines, he added. And most sophisticated attacks, especially those that involve extortion threats, seem to stem geographically from Eastern Europe.
Cluley noted that an attack earlier this year against online gambling sites, which also included an extortion attempt, was traced to St. Petersburg, Russia.
He added that virus writers know that the vast majority of computer users fail to keep antivirus tools up to date or apply patches when vulnerabilities are discovered, making it relatively easy to create a massive network of machines that can be used to take down even powerful server farms.
"The criminal element is seeing the opportunity for launching significant attacks against Web sites via zombie computers," Cluley said. "These attacks underscore how important it is that a person with just a single computer connected to the Internet keep that computer secure. Failing to do so puts the entire Internet at risk for these kinds of attacks."
Are Firewalls Useful? And Another Thing... September 23, 2004
Address spoofing depends crucially on being able to hide the real source address, so why not make that impossible? One way to do it would be to have all the ISPs and network carriers whose connections constitute the Internet certify where packets entering the network come from.
Related Stories
Boston Scientific Announces Roaring Sales, Net Income July 26, 2004
"We were especially pleased with the strong conversion rate to drug-eluting [heart] stents in the United States, which reached more than 80 percent by the end of the quarter. This resulted in a significant leveraging of our profitability, and we will be working hard to ensure it continues in the coming quarters," CEO Jim Tobin explained.
Will .Net Developers Get Mono? June 09, 2004
"Mono currently doesn't have an impact on most of my clients," said Thomas Murphy, vice president of research services for Meta Group. "Use of Linux in the enterprise is growing, but most people are using it for Java and if they are comfortable with .Net they generally are comfortable with Windows," he told LinuxInsider.
Novell Introduces Mono as Open-Source .NET Strategy November 19, 2003
"I think the SuSE acquisition gives a clear indication they would want to continue these projects," Yankee Group senior analyst Dana Gardner told TechNewsWorld about Mono. "It really appears Novell is working toward an end-to-end Linux solution."
Microsoft Updates Tool to Convert Java to .NET July 15, 2003
Microsoft's focus on tools for converting Java into C# suggests the company is doing all it can to make it easier for those working in Java to switch to Microsoft's .NET framework.
Microsoft's .NET: Still .NOT Fully Baked? January 24, 2003
.NET may benefit most from word-of-mouth, rather than from the heavy marketing pushes planned by Microsoft and some of its partners, including tech giant HP.
Related News Alerts
More by Keith Regan
Yahoo Slaps Fresh Coat of Gloss on Microsoft Deal Defense June 30, 2008
With its shareholders meeting set to take place in less than five weeks, Yahoo has put together a 32-page presentation, emphasizing why the investors should vote to keep the current board in place. The company also reiterated why it chose to partner with Google instead of letting Microsoft buy part of it.
French Court Stings eBay With $63M Judgment Over Knockoff Sales June 30, 2008
eBay is planning to appeal a ruling by a French court that ordered it to pay $63 million to the luxury goods maker Louis Vuitton Moet Hennessey. The court also barred the online auctioneer from selling four brands of perfume on its Web sites accessible in France.
New Auto Loan Leads Marketplace Shifts Into Drive June 30, 2008
Reply.com's move into the auto finance market is a logical one the company, as automotive advertising spending is moving online in increasingly greater amounts. The company is partnering with the Detroit Trading Company to create a massive repository of auto finance leads online.
Headline Feeds
Talkback: 
