The Zombie Hunters: On the trail of cyberextortionists
Prolexic, which was founded in 2003 by a twenty-seven-year-old college dropout named Barrett Lyon, is a twenty-four-hour, seven-days-a-week operation. An engineer is posted in the [network operations center] at all times, to monitor Prolexic’s four data hubs, which are in Phoenix, Vancouver, Miami, and London. The hubs contain powerful computers designed to absorb the brunt of data floods and are, essentially, massive holding pens for zombies. Any data travelling to Prolexic’s clients pass through this hardware. The company, which had revenues of four million dollars in its first year, now has more than eighty customers.
Lyon’s main business is protecting his clients from cyberextortionists, who demand payments from companies in return for leaving them alone. Although Lyon is based in Florida, the attackers he deals with might be in Kazakhstan or China, and they usually don’t work alone.
[…] Only a few years ago, online malfeasance was largely the province of either technically adept hackers (or “crackers,” as ill-intentioned hackers are known), who were in it for the thrill or for bragging rights, or novices (called “script kiddies”), who unleashed viruses as pranks. But as the Web’s reach has expanded, real-world criminals have discovered its potential. Mobsters and con men, from Africa to Eastern Europe, have gone online. Increasingly, cyberextortionists are tied to gangs that operate in several countries and hide within a labyrinth of anonymous accounts.
[…] Examining the list of zombie addresses, Lyon picked one and ran a command called a “traceroute.” The program followed the zombie’s path from MensNiche back to a computer called NOCC.ior.navy.mil—part of the United States Navy’s Network Operations Center for the Indian Ocean Region. “Well, that’s great,” he said, laughing. Lyon’s next traceroute found that another zombie was on the Department of Defense’s Military Sealift Command network. The network forces of the United States military had been conscripted in an attack on a Web site for penis enlargement.
[…] Less than five years ago, experts considered a several-thousand-zombie botnet extraordinary. Lyon now regularly faces botnets of fifty thousand zombies or more. According to one study, fifteen per cent of new zombies are from China. A British Internet-security firm, Clearswift, recently predicted that “botnets will, unless matters change dramatically, proliferate to the point where much of the Internet . . . comes to resemble a mosaic of botnets.” Meanwhile, the resources of law enforcement are limited – the N.H.T.C.U., for example, has sixty agents handling everything from child pornography to identity theft.
Extortionists often prefer to target online industries, such as pornography and gambling, that occupy a gray area, and may be reluctant to seek help from law enforcement. Such businesses account for most of Prolexic’s clients. I asked Lyon how he felt about the companies he defended. “Everybody makes a living somehow,” he said. “It’s not my job to worry about how they do it.”
I asked whether that applied to extortionists as well. After a pause, he said, “I guess I’m partial to dot-commers.”
Several weeks later, he called me to say that he’d reconsidered his answer. “The Internet is all about connecting things, communicating and sharing information, bits, pieces of data,” he said. “A denial-of-service attack is the exact opposite of that. It is taking one person’s will and imposing it on a bunch of others.”