Foiling the “Russian” Hackers


Whilst a joyous place to work, excitement at the Really Simple Systems head office is generally reserved for occasions out of the office: our User Conference, team building trips, team lunches and the annual Christmas party! So yesterday’s events were quite unusual.

Yesterday morning our public web site, www.reallysimplesystems.com, was hit by what’s known as a DDoS attack, a Distributed Denial of Service. A DDoS attack is a cyber-attack where the perpetrator floods the targeted site with traffic in an attempt to crash it. Using more than one, and often thousands of, unique IP addresses, it looks to overload systems and block their legitimate use.

In general, DDoS attackers target high-profile companies, like banks and credit card companies, where disruption would cause a high impact. The motive is generally extortion.

So early yesterday morning, just before 7 am (BST), an attack on our web site meant it was down for 15 minutes. An email to our CEO, John Paterson, purportedly from a Russian hacking group, claimed responsibility. They demanded the payment of $600 within 6 hours or they would take the site down again. The email contained details of their capacity to launch another attack.

Exciting indeed! Had the fame of Really Simple Systems reached such heights that down-time of its website should be deemed “high-impact”? As the company’s Marketing Manager, I thought the sum of $600 paltry. Nay, insulting! Surely they should be demanding at least $6,000?

Anyway, whilst I reflected on this, our Development Manager, Chris Tree, and Senior Developer, Matt Treagus, took time out from their work on our new CRM Version 5 to take the matter in hand.

To ensure our site was fully protected, Chris and Matt set about building multiple web servers to manage the load balancing and then installing DDoS protection. By the appointed hour everything was in place, but nothing happened. Was our Russian friend bluffing?

Further investigation showed that the hacker’s email had been sent from an IP address in Los Angeles. This would have meant that the message was sent around 11 pm. It also seemed to have been sent from an Outlook account, suggesting not a very sophisticated hacker. Maybe one enjoying some high jinks, just before his bed-time?

This left us rather deflated. But then, as dawn broke over LA, our web site went down again! Chris and Matt jumped into action and switched on the protection. Bingo! The site came back up again with cheers all round!

So with our not-so-Russian hackers defeated, it’s back to business as usual.

Roll on Christmas!

About the Author

Helen Armour

Helen is the Marketing Manager at Really Simple Systems, a Member of the Chartered Institute of Marketing and Chartered Marketer.