The Ransom Letter

Corey Mandell knew things weren't good when he got the ransom letter. Mandell had experienced such things before, and he knew that Authorize.Net, a Bellevue, Wash., credit card processing company, would be in for a tough time. What he didn't realize until later is that it would be much worse than he had anticipated. The DDoS (distributed denial of service) attacks began Sept. 15, and they continue to this day. "We received an extortion letter demanding a large sum of money," said Mandell, who is vice president of development and operations at Authorize.Net. "We were able to handle the attack" at first, he said, explaining that the company had tailored its response based on past attacks against it and others in the same business. But things got worse in a hurry. "The second and third attacks were bigger than anything we'd ever seen," Mandell said. He said it was clear that the attackers were using a bot network because of the wide number of IP addresses that they used. Most of the attack was a SYN flood, in which the attacker sends a large number of TCP connection requests that soon overwhelm the servers (or the routers, depending on the design).