Authorities in the United States have charged two men in connection with a DDoS (distributed denial-of-service) attack that crippled websites such as Amazon.com in June 2008.
25-year-old Dmitry Olegovich Zubakha, of Moscow, was arrested in Cyprus last week under an international arrest warrant, having been indicted in a federal court last year for launching botnet-powered denial-of-service attacks against Amazon.com, eBay and Priceline.
The impact of these attacks meant that customers had problems accessing the websites – meaning, effectively, that the sites stopped making money.
Here’s how the problem was described on an online forum for Amazon sellers on 6 June 2008:
Ars Technica reports that the indictment claims that another Russian, Sergey Viktorovich Logashov, was an accomplice of Zubakha, who contacted Priceline to offer his expertise in countering the DDoS attack they were suffering.
If that’s true, that would mean that the motive for the attacks was financial.
The two men are alleged to have – perhaps unwisely – bragged about the attacks in underground hacking forums, where it is alleged Zubakha marketed various cybercriminal services, including botnets for hire.
Law enforcement authorities have also claimed that they have traced more than 28,000 stolen credit card numbers to the men.
The American authorities are seeking Zubakha’s extradition from Cyprus, while Logashov remains at large.
Of course, there are many people around the world who have been involved in DDoS attacks. Some have done it for political or hacktivist reasons, others have tried to blackmail money out of large companies.
It’s unlikely that the DDoS problem is going to go away anytime soon – so now would be a good time to ensure that you have good defences in place to prevent your personal computer from being recruited for someone else’s online fight, and for computer users to remember that intentionally participating in a denial-of-service attack is illegal, and punishable by prison in some countries.