Electronic Extortion and the Neighborhood Cyber-watch – DDoS, CloudFlare, Feed.ly, and Evernote


On June 11th, 2014, Feed.ly and Evernote both came under attack from a common cybercrime tactic known as a DDoS, or Distributed Denial of Service, attack. This happens when a company’s servers are overloaded with requests from a massive wave of users all trying to connect to the server at once. It can be difficult to defend against, since the only surefire safeguard is to increase server capacity beyond the capabilities of the DDoS attack itself. This is not easily accomplished, since increasing server space and traffic-handling capabilities can be very expensive.

To make matters worse, the criminals tried to extort the websites under attack by stating that they would lift the DDoS assault if the companies paid a ransom. The speculation is that the bot network used to execute the attack was hired from another cybercriminal who originally controlled the botnet. These “hirelings” are then sent out to perform the attack while another criminal attempts to extort money from the victim in exchange for lifting the attack.

The criminals appeared to be relentless, as wave after wave of DDoS traffic bombarded the servers of Feed.ly and Evernote. There were three waves in total, each accompanied by an attempt to extort money from the companies and each more distressing than the last. Why Feed.ly? Feed.ly had just recently launched a premium option for its services. While the free version was still fully capable of populating an RSS feed, the premium version added some nice benefits for power users and business-class clients. It is assumed that this is the money the criminals were after.

In response to these attacks, Feed.ly made it known that they were working with a DDoS mitigation company known as CloudFlare. CloudFlare is a content delivery network that improves website performance and security. And it’s free…to a point. Operating off of a “freemium” model, CloudFlare has a free option that provides baseline network security for handling information requests but also offers different levels of protection beyond the free option for a subscription-based fee.

Utilizing their own developer operations along with CloudFlare support, Feed.ly and Evernote were able to survive three distinct waves of DDoS onslaughts all the while never giving in to the extortion schemes of the attackers.

The moral of this story is that internet crime seems to have evolved into a joint effort between criminals. A botnet controller, who is a criminal, sold his services to an extortionist, also a criminal, to try to extort money and share in the profits. This is very reminiscent of more classic organized crime, where shopkeepers would pay the criminals a “security deposit” to ensure their store wasn’t damaged by the criminals they were paying.

Regardless, this will not be an isolated incident. Companies such as CloudFlare and others have stepped up and freely offered their services and helped create an internet neighborhood watch of sorts. After all, an ounce of prevention is worth a pound of cure.

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.