Home Open Sauce DDoS: Firms try to capitalise on others' misery

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

The worst thing about a distributed denial of service attack is not the attack itself. Rather, it is the slew of bottom-feeders who appear on the horizon after the deed and try to profit from the misery of others.

In the true spirit of American greed, security firm Norton by Symantec is out there today, plugging figures from some survey or the other to push the case that small and medium businesses — many already unable to cope with existing expenses — should also invest in insurance as a means of recouping damages from a likely DDos.

No surprise, the insurance on offer is from a partner of Norton!

Close on its heels, is Computer Services Corporation, another firm that is attempting to feed on others' misfortune.

CSC has issued a white paper (why are all these papers white?) trying to push its wares.

Note carefully that neither of these companies has any suggestion as to how the Internet itself can be strengthened so that everyone has less of a chance of suffering from a DDoS. No suggestion as to how mitigation can be improved for the public good.

Indeed, Dynamic Network Services, the very company that was the target of the attacks, tried to project itself as better than it is at managing such attacks by claiming that millions of devices had participated in the DDoS.

Later, it had to recant and admit that the actual number was closer to 100,000.

No, greed is first and foremost. It reminds me of the film The Corporation where a stock trader was quoted as saying that when he saw the planes crashing into the World Trade Centre towers on 11 September 2001, his first thought was how he could help his clients to make money by shorting airline stocks.

The Internet was built on free and open source software, using protocols that are free. But now there are millions of rent-seekers who want to use the network to line their own pockets. If they did so while also contributing to the public realm, I would have no problem with it.

This self-interest has been seen many times in the recent past. The Heartbleed vulnerability in OpenSSL put millions at risk; that project has meagre resources, both monetary and staff-wise, but its software has almost universal use. How many mega-corporations have come forward to donate money or resources to improve the security of OpenSSL?

The only person to do something worthwhile was Theo de Raadt, the head of the OpenBSD operating system project, a free software entity. He and his so-developers started a fork of OpenSSL, called LibreSSL, to weed out the many flaws in its code.

Or take the case of OpenSSH, which, coincidentally, is also developed by de Raadt's project. Nearly 90% of those who use SSH use the OpenBSD incantation.

De Raadt told me more than a decade ago that contributions to free software that is almost universally used comes mostly from individuals, not corporations. To quote him: ""Hardware donations do not come from vendors who use OpenSSH on parts of their stuff. They come from individuals. The hardware vendors who use OpenSSH on all of their products have given us a total of one laptop since we developed OpenSSH five years ago. And asking them for that laptop took a year. That was IBM. It took a year of negotiation and I had to talk to 15 people and I had the right person from the beginning but she had to get okays from other people and I had to write letters to say why. It was astounding."

For one reason or another, DDoS attacks are going to have massive impacts on online businesses, until technical solutions are devised to lessen their impact. Crude marketing moves are not going to help in any way to make the Internet a better place to do business.


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Popular News




Sponsored News