Online malice again was targeted at one of the backbones of the Internet, with the launch of a denial-of-service attack against credit card processor Authorize.net reportedly coupled with an attempt to extort money to halt the barrage.
Authorize.net, which offers credit card processing services to online merchants and through third-party software providers, acknowledged the attacks yesterday.
In a note to members of the site, Authorize.net said the attacks had been going on for “a few days” and were “increasingly severe.”
DDoS attacks seek to bring sites down by deluging servers with requests for information.
The attack appears to be similar to several denial-of-service hits that occurred over the summer, when Web infrastructure provider Akamai Systems was targeted and just a week later, interactive advertising company DoubleClick was struck by a DDoS attack that left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites.
The attack also comes less than a week after leading Internet security company Symantec warned in its twice-yearly report on Web threats that e-commerce had quickly become an popular attack target, marking a shift away from hack attempts meant to gain notoriety and respect from other hackers toward those whose aim is monetary.
‘Near the End’
Glen Zimmerman, a spokesman for Authorize.net parent company Lightbridge, told the E-Commerce Times the attacks began late last week and mirrored previous incidents that involved an e-mail containing a warning of the attacks along with promises to halt them if money was wired to a certain location.
“We immediately involved the authorities,” Zimmerman said, adding that the FBI’s cybercrime unit is investigating. “We also started to work right away to minimize the disruptions from the attacks,” through capital improvements to its server network and other measures, he said.
Based in Bellevue, Washington — and formerly a unit of Infospace until Lightbridge purchased it in April for $82 million — Authorize.net has about 110,000 customers, Zimmerman said, the vast majority of them small merchants selling items ranging from “afghans to pet medications.”
He noted that payments were not lost, but instead may have been delayed or refused by any outages caused by the attacks. Authorize.net acts as a Web-based middle man, taking credit card information from merchants and processing them with the card companies.
Although the attacks have been occurring on and off for nearly a week now, “You could measure the entire time we’ve been unavailable in minutes rather than hours,” Zimmerman said. “But we recognize that we’re the lifeline for many of our merchants.”
“We are very optimistic that we’re near the end,” he added.
Graham Cluley, an analyst with antivirus firm Sophos, noted that many of the recent worm outbreaks, such as several of the numerous Netsky variants, have had a secondary goal: to turn infected computers into zombie machines that can become part of a DDoS attack.
Most distributed denial-of-service attacks now involve zombie machines, he added. And most sophisticated attacks, especially those that involve extortion threats, seem to stem geographically from Eastern Europe.
Cluley noted that an attack earlier this year against online gambling sites, which also included an extortion attempt, was traced to St. Petersburg, Russia.
He added that virus writers know that the vast majority of computer users fail to keep antivirus tools up to date or apply patches when vulnerabilities are discovered, making it relatively easy to create a massive network of machines that can be used to take down even powerful server farms.
“The criminal element is seeing the opportunity for launching significant attacks against Web sites via zombie computers,” Cluley said. “These attacks underscore how important it is that a person with just a single computer connected to the Internet keep that computer secure. Failing to do so puts the entire Internet at risk for these kinds of attacks.”