
Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

DDoS: Firms try to capitalise on others' misery

The worst thing about a distributed denial of service attack is not the attack itself. Rather, it is the slew of bottom-feeders who appear on the horizon after the deed and try to profit from the misery of others.

In the true spirit of American greed, security firm Norton by Symantec is out there today, plugging figures from some survey or the other to push the case that small and medium businesses — many already unable to cope with existing expenses — should also invest in insurance as a means of recouping damages from a likely DDoS.

No surprise, the insurance on offer is from a partner of Norton!

Close on its heels is Computer Services Corporation, another firm that is attempting to feed on others' misfortune.

CSC has issued a white paper (why are all these papers white?) trying to push its wares.

Note carefully that neither of these companies has any suggestion as to how the Internet itself can be strengthened so that everyone has less of a chance of suffering from a DDoS. No suggestion as to how mitigation can be improved for the public good.

Indeed, Dynamic Network Services, the very company that was the target of the attacks, tried to project itself as better than it is at managing such attacks by claiming that millions of devices had participated in the DDoS.

Later, it had to recant and admit that the actual number was closer to 100,000.

No, greed is first and foremost. It reminds me of the film The Corporation where a stock trader was quoted as saying that when he saw the planes crashing into the World Trade Centre towers on 11 September 2001, his first thought was how he could help his clients to make money by shorting airline stocks.

The Internet was built on free and open source software, using protocols that are free. But now there are millions of rent-seekers who want to use the network to line their own pockets. If they did so while also contributing to the public realm, I would have no problem with it.

This self-interest has been seen many times in the recent past. The Heartbleed vulnerability in OpenSSL put millions at risk; that project has meagre resources, both monetary and staff-wise, but its software has almost universal use. How many mega-corporations have come forward to donate money or resources to improve the security of OpenSSL?

The only person to do something worthwhile was Theo de Raadt, the head of the OpenBSD operating system project, a free software entity. He and his co-developers started a fork of OpenSSL, called LibreSSL, to weed out the many flaws in its code.

Or take the case of OpenSSH, which, coincidentally, is also developed by de Raadt's project. Nearly 90% of those who use SSH use the OpenBSD incantation.

De Raadt told me more than a decade ago that contributions to free software that is almost universally used come mostly from individuals, not corporations. To quote him: "Hardware donations do not come from vendors who use OpenSSH on parts of their stuff. They come from individuals. The hardware vendors who use OpenSSH on all of their products have given us a total of one laptop since we developed OpenSSH five years ago. And asking them for that laptop took a year. That was IBM. It took a year of negotiation and I had to talk to 15 people and I had the right person from the beginning but she had to get okays from other people and I had to write letters to say why. It was astounding."

For one reason or another, DDoS attacks are going to have massive impacts on online businesses, until technical solutions are devised to lessen their impact. Crude marketing moves are not going to help in any way to make the Internet a better place to do business.



Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.