Case Study
How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack
Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.
By Scott Berinato
At the time, off-the-shelf anti-DoS hardware wasn't readily available. Lyon's solution for Don Best was not to turn back the attack, but to scale Don Best's infrastructure of Web servers, load balancers and other hardware so that it was bigger than the volume of attack traffic coming in. "We basically built a humongous Web farm in, like, four days," Lyon says.
It proved to be enough to fend off the extortionists, who were sloppy. They attacked during the slowest gambling season, when the mark had less impetus to capitulate under pressure. They also asked for so much money that Allec didn't immediately determine that paying would be his smartest option.
Within a week, it was over. Except—and this impressed Allec the most—"a couple of weeks later I get a call from Barrett, and he says, 'I know who attacked your site.'"
Lyon says, "I could have left it alone, but I had gotten attached, and I started investigating. I came up with some interesting techniques to trace back the attacks." He turned over his work to several law enforcement agencies, but he never heard about it again.
It was Allec who recommended Lyon to Richardson after the $500 eGold incident. "During that time when all those sites were getting extorted, you only stopped it one of two ways," Allec says. "You either paid them off, or you called Barrett."
Monday, Nov. 24, 2003: Building the Defense
Lyon's plan for BetCris was to build a system that would absorb huge DoS attacks, and he had an idea how, technically, he might do that. But he had little idea how he would convince a tier-one hosting facility (essentially an ISP's ISP) to host his system—to voluntarily accept massive DoS attacks to see if his little project could thwart them.
Through his Opte.org project, Lyon knew of an ISP called PureGig in Phoenix with a 10Gbps pipe, plenty of bandwidth to host his system without disturbing PureGig's other customers. Lyon called Matt Wilson at PureGig. He begged.
A heated internal debate took place at PureGig. The company was ready to say no, Wilson told Lyon. Lyon begged harder.
Lyon believes what tipped PureGig to support his cause was altruism. "They told me they don't like to back down from challenges," he recalls. But it probably had as much to do with generating business. For, if Lyon and PureGig did figure out how to stop DoS attacks, they would have something that their competitors didn't.



