A group of hackers was so miffed when a company it was attacking managed to lock them out that it resorted to some other tactics to hack the security experts off.
Administrators at Orlando, Florida-based TorGuard managed to defeat a series of increasingly powerful denial-of-service attacks designed to cripple their virtual private networking service.
They did this by locking down the TorGuard servers and then moving them behind the protective services of anti-DoS service CloudFlare.
TorGuard administrator Ben Van Pelt told Ars Technica that the next wave of attacks became a little more personal.
Throughout the day, the office received multiple unrequested deliveries from local pizza chains, Chinese food, and one large order of sushi. Electricians and plumbing services started to show up and had to be turned away. Van Pelt was surprised that no one called the cops or fire services.
The campaign went on for two months. Van Pelt suspects that it was carried out by a business rival because the attacks started after a promotional campaign. Within 24 hours, the company’s support inbox received torrents of junk e-mails that were spoofed to appear as if they were coming from the company’s support desk.
The SMTP servers generating the 10 million daily e-mails were in Argentina. “After a few added rules on the Apache firewall module mod_security we were successfully blocking the ‘mailbomb’ attack.”
A month later, there was another TorGuard promotion and, 24 hours after the e-mail went out, TorGuard came under another attack. This one was a little more complicated. The 10Gbps waves of traffic appeared to come from PowerStresser.com and AvengeStressor.com, and they sent junk traffic only at IP addresses used by the new VPN nodes announced in the newsletter.
Initially TorGuard periodically changed the IP addresses used by the targeted nodes, but as soon as a new address was provisioned, it would come under attack. In other words, the hackers were running the TorGuard service so they could keep track of the internal servers it used. Van Pelt was able to block the assault by modifying the company’s Border Gateway Protocol (BGP) configuration. The new routes funnelled the junk traffic into a virtual black hole rather than to the VPN servers.
The last attack happened when the service released new proxy software that made it easier for customers to use TorGuard with Vuze, uTorrent, and other BitTorrent programs. This time it seemed that the business rivals had paid for botnets of infected computers.
This time the company had to use the anti-DDoS mitigation service CloudFlare. Almost immediately, service was restored. The hackers then attempted to brute-force the company’s e-mail account passwords and made lots of calls to its toll-free support number. When that did not work, the pizzas arrived.
Fast food aside, Van Pelt said that he was quite happy about the attacks. By putting pressure on the company, the attackers had forced it to create a really robust and secure network, and it only cost about $800 a month more.