Tuesday, June 24, 2014

Ancestry.com Attacked by Zombies, Part 2

Monday of last week, 16 June 2014, zombies attacked the Ancestry.com website as I explained last week. (See “Ancestry.com Attacked by Zombies.”) Zombie is the term used to describe an unwitting computer, perhaps the one on your desktop, that was forced to send untold numbers of requests to the target website. Because the attack comes from many computers, and because it is designed to prevent the target from providing normal services to its users, the attack is called a Distributed Denial of Service (DDoS) attack.

If you don’t have virus protection and if your computer runs much slower than it did when it was new, your computer might be compromised. Wouldn’t it be ironic if one of the people complaining loudly about the Ancestry.com outage was partly responsible?

If you don’t have virus protection, get it now.

And don’t open email attachments that come from people you don’t know or that arrive with suspicious messages.

Harkening back to the boys shooting peas at you, the boys learned none of the secrets you might have harbored. Quite to the contrary, in your overwhelmed state, you couldn’t have told them anything. Information about you on Ancestry.com remained safe. Ancestry.com’s chief technology officer confirmed this. “Your data was not compromised by this attack. This attack overloaded our servers with massive amounts of traffic but did not impact or access the data within those servers. No data was impacted in any way.”

I don’t know the identity of the attacker and Ancestry.com hasn’t said. They probably don’t know since the attacker employs compromised computers—zombies—to perform the attack. I also don’t know the attacker’s motive. Given the timing of the attack, perhaps the attacker was disgruntled with Ancestry.com’s recent service cancellations. MyCanvas, MyFamily, and RootsWeb were still down on Saturday when I wrote this article. About 1pm Saturday Ancestry.com tweeted “We will extend the retirement date on MyFamily, MyCanvas, Mundia, Y-DNA & mtDNA & will have details once websites are brought back online.”

Or given that Find a Grave was also affected, the attacker might have been disgruntled with Find a Grave’s owner selling out to Ancestry.com. I don’t think this is the case. I think it more likely that Find a Grave was collateral damage. It may share equipment with the Ancestry.com website and disabling one disabled both.

In all likelihood, the attacker was not disgruntled with Ancestry.com at all. Move, Inc., owner of Realtor.com and associated sites, was also hit with a DDoS attack at about the same time as Ancestry.com. A day after making an initial press release about the attack, Move, Inc. announced that they had received a ransom demand. According to Bits, the New York Times blog, many companies have recently been hit with a DDoS attack and a ransom demand. These include Evernote, Bit.ly, Shutterstock, MailChimp, Feedly, Moz, Vimeo, Meetup, and Basecamp. Ransom demands have been in the $300 to $2,000 range, cheap enough that some companies have paid the ransom. According to another article on Bits, other companies have refused to pay, afraid that doing so would result in follow-up demands of larger amounts.

Ancestry.com has not mentioned if a ransom demand has been made by its zombie-wielding attacker.

1 comment:

  1. I just now spoke with a customer service rep at Ancestry.com and was told that the end date for MyCanvas will be extended, but the new end date isn't known yet. She also said MyCanvas should be back up by the end of this week or the beginning of next week.
