Security blogger Graham Cluley’s website suffers DDoS attack


A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes.

There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous.

Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year.

And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money.

Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins.

One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed.

And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley.

We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.”

Unfortunately, it doesn’t take much skill to launch this kind of attack.

Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests.

DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is.

In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers:

No-one should ever pay internet extortionists.

For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting.

But if we pay the extortionists’ demands, that will only give them more reason to do it again.

Image of attacking cursor arrows courtesy of