Meetup struggles under the weight of a massive DDoS attack

Meetup remains under DDoS attack after refusing to pay ransom, though some services are operating normally.

In a blog post, Scott Heiferman, Meetup’s Co-Founder and CEO, explained the state of things to the company's user base:

"No doubt, this has been a tough weekend for Meetup. Since Thursday, we faced a massive attack on our servers — a DDoS attack, which is a barrage of traffic intended to make service unavailable. We’ve had many hours of downtime over several days, a first for us in 12 years of growing the world’s largest network of local community groups."

Early in the morning on Thursday, February 28, someone emailed the Meetup HQ with a demand; pay $300 or face a DDoS attack. The letter said that a competitor had hired the actor to perform the attack, but they were willing to "stop the attack" if the ransom was paid.

Around the time the letter was sent, the DDoS attack started, which knocked Meetup offline for about 24-hours. The company was able to recover, but propagating the changes to the rest of the Internet takes time, so many people were unable to reach the service.

Adding insult to injury, the DDoS attack started again on Saturday, as the attackers started targeting the changes made to the infrastructure. By midnight, new mitigations were in place, but then a third attack started Sunday that was stronger than the other attacks - and once again Meetup was taken down.

The question is, why not pay? The answer, as obvious as it is to some, is also as simple: payment means negotiations with criminals, something no company should do. In addition, Heiferman added, the low-ball dollar amount suggested a trap.

"The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more."

The company continues to fight the DDoS attack, but since the malicious campaign began, there have been more than 60,000 gatherings via the service, as people meet to discuss the things with which they share a common interest.

As of 5:00 p.m.EST on Monday, the service is sluggish, but local portals are operating to a degree, clearly the fight isn't over.

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Related:
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.