Defense.Net, a company designed to mitigate the increasing scale and sophistication of modern Distributed Denial of Service (DDoS) attacks, has released statements from the company’s founder, Barrett Lyon, and CEO, Chris Risley, on the plea agreement reached in the “PayPal 14” case of the hackers that worked with the group Anonymous to shut down PayPal in December 2010 via a DDoS attack. Lyon, whose pursuit of hackers operating as part of the Russian mob was chronicled in the best-selling book Fatal System Error, and who created what is now the $1 billion DDoS mitigation industry more than 10 years ago, asserted that there is no noble or justified use of DDoS in any case.
Commented Lyon: “I was shocked to learn this morning that some view the plea agreement reached yesterday in the PayPal 14 case as a vindication for civil disobedience, and I fear that this will encourage even more people to engage in malicious DDoS attacks. Let’s be clear, there is no nobility in launching a cyberattack that destroys the ability of people to access a website. This is not civil disobedience or a legitimate form of protest. It is a destructive attack that is so powerful that it is being added to the war arsenals of nation-states. What I find ironic is that the members of Anonymous claim that they are working on behalf of free speech while the tactics they employ serve to take down websites and suppress speech. The very word ‘denial’ in Denial of Service attacks illustrates that these attacks are not about freedom. These bare knuckled attacks are no different from the bully in the schoolyard.”
Chris Risley added the following: “Currently we see thousands of small scale DDoS attacks occurring every day around the world to muzzle the free speech of someone else. Often the victims are smaller websites that do not make the news when they are attacked and do not have the financial resources to defend themselves. Sophisticated cyberattack tools have made it very easy for anyone to launch a crippling DDoS attack on any website for any reason. What concerns me is when we see this illegal activity mischaracterized by some as legitimate. Pleading guilty to a felony and paying a $5,000 fine is not a victory for hacker claims that DDoS is free speech. Their pleas demonstrate it’s a crime. That crime is muzzling the free speech of others.”
Lyon and Risley issued their statements in response to the plea entered yesterday for the individuals charged in U.S. District Court for the December 2010 DDoS attack that crippled PayPal’s website. The individuals were acting on behalf of the hacker organization Anonymous to attack PayPal for their termination of an account used for donations to WikiLeaks.
In DDoS attacks, perpetrators assemble an army of compromised computers to inundate a website with a volume of requests that overwhelms and crashes the website. Recently, the ease of access to sophisticated attack tools has advanced to a level where a botnet that can do millions of dollars of damage within minutes can be rented for $7 per hour. This has proliferated a weapon that was previously in the domain of sophisticated cybercriminals to a wide audience with varying motivations for attacking a website – from political or religious hacktivists to extortionists to business competitors, disgruntled customers or former employees.