’Tis the season for denial-of-service attacks, it seems.
Not only has Evernote been struck by a DoS attack overnight, but now RSS news aggregator Feedly reports that its cloud-based service is suffering from a distributed denial-of-service attack that could impact users’ ability to catch up with the latest updates from their favourite websites.
Feedly saw a boost in popularity when Google announced last year that it was closing down its Reader service - used by many to manage their RSS feeds. Today, Feedly boasts millions of daily users.
The company did well out of Google Reader’s demise, and is showing a similar plucky attitude in its response to this threat against its online service.
Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.
We are working in parallel with other victims of the same group and with law enforcement.
We want to apologize for the inconvenience. Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.
I must admit I admire Feedly’s attitude. It’s right not to give in to the blackmailers who are essentially running an extortion racket, demanding that the cloud service pay up or be taken offline with their DDoS attack.
The danger of paying DDoS blackmailers is that you’re only encouraging them to attack you more, perhaps increasing their financial demands next time.
Extorting money with threats against someone’s business is illegal of course, as is launching a DDoS attack against a website*. In the UK, where I am based, denial-of-service attacks have been outlawed since 2006, and could result in the perpetrators receiving a prison sentence of up to ten years. It’s a similar story in many other countries, and there are people who have been imprisoned for years as a result of their attacks.
Let’s hope that whoever is behind the Feedly attack is identified, and brought to book.
In the meantime, you can do your bit to help by making sure that your computer isn’t one of the millions around the world which form part of a botnet.
Online criminals infect poorly-protected computers, recruiting them into botnets to silently participate in their spam campaigns and denial-of-service attacks. Keeping your computer secure is essential if you want to avoid being part of the problem.
* A denial-of-service attack is illegal if you don’t have the permission of the targeted website’s owners. The only legitimate DDoS attack is one that is being done, with permission, in order to test the site’s ability to withstand an attack. In short: if you have to ask yourself if a DDoS attack is legal or not, it’s not.