CIO

What would you do if you received this message?

This was shared with me earlier this week. It is a fascinating read…
  • David Gee (CSO Online)
  • 02 November, 2015 08:40

Let me stop here and let you enjoy this.
So what do you do?

You have already been bombarded with 4 million packets per second, and you know it is only a matter of time until your system vulnerabilities start to be exposed. Actually, you don’t really know what will happen, as this is the first time you have witnessed such an event unfolding before your eyes.

Once you have got over the poor English used in the message, it dawns on you that ‘Houston, we have a problem’.

So what are your options?

  • Call your telecom provider and ask for their assistance?
  • Get out that business card and buy a DDoS mitigation service?
  • Go online and buy 100 bitcoins?
  • Pray like hell, or go straight to the pub?

Option 1 - Your Telco Provider

This is when you try to call in the favour and get your partner to help.

Of course, this all depends on your business scale and how long you have been working together. However, it is unlikely that they would support you, as the attack will start to affect their own service.

Option 2 - Buy DDoS Mitigation

There is no time to negotiate the rate, so it will be at the top of the price book. It is likely that you will need to escalate the approval, as it is outside normal delegated authority.

You can expect that, while this measure will work, questions will be asked by Risk Committees, Procurement and others about why this transpired. While you may get the organisation out of trouble, you may have landed in it along the way.

Option 3 - Buy Bitcoins

There is never a fast way to acquire bitcoins, unless you have already traded in the past and have already completed the normal KYC process.

If you do have bitcoins, you will also suspect that this is not going to be the end of the demands.

Arrgh…

Option 4 - Pray Like Hell or Go to the Pub

Sorry, this will only serve to soothe you and numb your feelings, but it will not add any benefit to the situation.

It may be cheaper than 100 bitcoins, but your career may be over and there’s not much you can do about it.

The Real Case Study

In the real-life example that prompted this, the client chose option 2.

They actually had a DDoS mitigation service in place and had tested it on a periodic basis. The SLA was 15 minutes, and this was nearly met; however, human judgment was involved, and that delayed the response by a few additional minutes.

As the business was an online, mobile-based company, any outage would have dire consequences, and the hackers chose the perfect time to strike, which happened to be an expected peak time.

Once the network traffic was diverted via the DDoS mitigation provider, the danger was averted and in effect the attack was abandoned… Life reverted to normal.

Some Learnings

At the time of the crisis, a third-party organisation was engaged to provide the network and cyber security monitoring, and they took the necessary and express actions to address the issue. They told me this story and, to protect the innocent, they have declined to be named or to share their client’s name.

This is even though things actually worked out well.

The other learning was that this organisation was expected to withstand up to 500MB before the firewalls would start to drop packets and become useless.

However, the packets sent to flood the firewall were designed to maximise damage, and the issue kicked in much earlier than expected, at 300MB of bandwidth.
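To see why a firewall can give out well below its rated bandwidth, here is an added Python example (not from the article or from the organisations involved) that models a firewall with both a bandwidth ceiling and a packets-per-second budget, run over constructed one-second interface counters. Reading the article's 500MB as 500 Mbps, the 600,000 pps budget, and the counter values are all assumptions.

```python
# Added example, not the article's own material. A firewall is usually sized by
# bandwidth, but each packet costs roughly fixed processing time, so a flood of
# tiny packets exhausts the packets-per-second budget long before the link fills.

PLANNED_MBPS = 500.0           # bandwidth the firewalls were expected to withstand (assumed Mbps)
ASSUMED_PPS_LIMIT = 600_000    # hypothetical packets-per-second budget of the firewall pair

# Constructed one-second counter samples (packets, bytes), as a poller might report them.
SAMPLES = [
    (20_000, 24_000_000),     # normal traffic: 1200-byte packets, 192 Mbps
    (25_000, 30_000_000),     # normal traffic: 1200-byte packets, 240 Mbps
    (640_000, 40_000_000),    # flood: 62.5-byte packets, only 320 Mbps but 640k pps
    (1_400_000, 87_500_000),  # flood grows: 700 Mbps of tiny packets
]


def rate(packets, nbytes):
    """Return (pps, mbps, average packet size in bytes) for one 1-second sample."""
    mbps = nbytes * 8 / 1_000_000
    avg_bytes = nbytes / packets if packets else 0.0
    return packets, mbps, avg_bytes


def saturation_mbps(pps_limit, avg_packet_bytes, planned_mbps):
    """Bandwidth at which the device really saturates for this packet size: the
    lower of the bandwidth ceiling and what the pps budget can carry."""
    pps_bound_mbps = pps_limit * avg_packet_bytes * 8 / 1_000_000
    return min(planned_mbps, pps_bound_mbps)


def assess(samples, pps_limit=ASSUMED_PPS_LIMIT, planned_mbps=PLANNED_MBPS):
    """Flag samples where the pps budget is blown even though bandwidth looks healthy."""
    findings = []
    for packets, nbytes in samples:
        pps, mbps, avg_bytes = rate(packets, nbytes)
        findings.append({
            "pps": pps,
            "mbps": round(mbps, 1),
            "avg_bytes": round(avg_bytes, 1),
            "saturates_at_mbps": round(saturation_mbps(pps_limit, avg_bytes, planned_mbps), 1),
            "pps_exhausted": pps > pps_limit,
            "over_bandwidth": mbps > planned_mbps,
        })
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLES):
        print(f)
```

The third sample is the article's situation in miniature: at 320 Mbps the link is nowhere near the planned 500 Mbps, yet the device is already dropping packets, and the capacity figure that matters for small-packet floods is the 300 Mbps the pps budget can carry.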

It is not impossible, but it is very hard, to practise such a scenario.