The DDoS (distributed denial of service) attacks began Sept. 15, and they continue to this day. "We received an extortion letter demanding a large sum of money," said Mandell, who is vice president of development and operations at Authorize.Net. "We were able to handle the attack" at first, he said, explaining that the company had tailored its response based on past attacks against it and others in the same business. But things got worse in a hurry.
"The second and third attacks were bigger than anything we'd ever seen," Mandell said. He said it was clear that the attackers were using a bot network because of the wide range of IP addresses that they used.
Most of the attack was a SYN flood, in which the attacker sends a large number of TCP connection requests that soon overwhelm the servers (or the routers, depending on the design).
Once the volume of bogus requests ramped up for the new rounds of attacks, Mandell knew that additional steps were required. He quickly contacted trusted consultants and vendors and put together a plan to ward off the attacks. But he already knew that no single solution would be enough in this case.
"We installed a variety of appliances," he said, noting that because the new appliances use a mix of deterministic and heuristic methods, the multipronged defense would work. It did. In short order, while the attacks continued, his customers were reaching him without a problem.
Mandell said that when he chose the products to protect his enterprise, he didn't limit himself to just preventing SYN floods or even just DDoS attacks. He chose products that would protect against a wide variety of methods. While he declined to say what appliances and other products the company actually bought, he did say that the solution is capable of handling a much bigger business than his is now.
While the attacks no longer pose a significant threat to the operations of Authorize.Net, that doesn't mean the problem has gone away. Instead, the most important phase is now under way—tracking down and arresting the people who are attacking it.
Mandell said one of the first things the company did was call the FBI's Cyber-Crime division in Utah and get them on the case. The FBI is actively involved in hunting down the bad guys. While that agency will not discuss an active investigation, Mandell said he has some indication that they're making progress. "There's a pattern here," he said, and that is leading the FBI to dig even deeper.