Case Study

How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack

Facing an online extortion threat, bookmaker Mickey Richardson bet his Web-based business on a networking whiz from Sacramento who first beat back the bad guys, then helped the cops nab them.

By Scott Berinato

Page 6

"There was a great deal of skepticism here; it was not a popular idea," recalls Wilson. "My thinking was that normally the ISP's solution for DoS attacks is to shut off the customer," he says. (In other words, null-route them like the ISP did in shutting down BetCris.) Wilson adds, "In our minds, that wasn't a good long-term solution. Revenue issues aside, we thought maybe we could learn how to fix the problem. But still, it was a huge risk."

With PureGig committed, Lyon worked for the next three days without sleep, designing, building, testing, rebuilding and retesting his system. "I used all the methodologies I knew, all the code I knew, plus some new ideas."

Lyon kept in constant contact with PureGig and with Lebumfacil in Costa Rica. Lebumfacil deferred to Lyon. "I was part of it, I stayed up all night with him on the line," Lebumfacil says. "I was never allowed to touch any of the boxes. I would make suggestions, and he'd take some of it and not take some of it.

"Barrett had his idea. There was so much uncertainty. Many times I thought, I hope he knows what he's doing. But Barrett had this calm confidence. You want to freak out, and he just works. He's so focused."

By Wednesday, Lyon had something. He described it, a patchwork of original code stitched together with commercial products, as "a highly fortified data center with proxy and security software and some monitoring, and more bandwidth than the bad guys."

Denial of Service, Deconstructed

Denial-of-service attacks are an old and crass way to disrupt a network, and yet still are immensely effective. DoS attacks overload the pipes that connect computers to the Internet with massive amounts of legitimate but useless data. DoS attacks create epic traffic jams. The cars in this analogy would be requests for service that hackers send to the target website. Each time the target site gets a request, it must deny it. But because the hacker sends massive numbers of requests from thousands of computers, the target must use nearly all of its time and resources just to deny these requests for service, effectively blocking access to anyone with a legitimate request.

Before that, though, the hacker must create a network of computers big enough to overwhelm the target. They don't buy these computers, they commandeer them. They plant software scripts on systems distributed throughout the world (hence, distributed denial of service, or DDoS). These compromised computers are called zombies, or bots, because they generate attack traffic automatically, without the owners' knowledge.
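The two paragraphs above make a point that matters for anyone monitoring a site: a single machine flooding a server is easy to spot by its address, but a botnet of thousands of zombies can overwhelm the same server while each zombie stays below any per-address limit. The following is an added example, not code from the article or from the system Lyon built, that shows the difference on constructed web-server log lines: it finds the busiest ten-second window, counts requests per source address, and reports "single-source flood" when one address exceeds a per-source limit, "distributed flood" when no address does but the aggregate rate is far above normal, and "normal" otherwise. The thresholds, timestamps, log lines and addresses (RFC 5737 documentation ranges) are all hypothetical.

```python
"""Toy DoS / DDoS classifier over constructed access-log lines (added example)."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache-style combined-log prefix: ip ident user [timestamp] "request" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"
T0 = datetime(2024, 1, 1, 12, 0, 0)  # hypothetical start time for the constructed logs


def parse_line(line):
    """Return (source_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = m.group("ts").split()[0]  # drop the "+0000" zone suffix
    return m.group("ip"), datetime.strptime(ts, TS_FMT)


def busiest_window(events, window):
    """Two-pointer scan over time-sorted (ip, ts) events; returns the densest
    slice whose timestamps span at most `window`."""
    best_count, best_start, start = 0, 0, 0
    for end, (_, t_end) in enumerate(events):
        while events[start][1] < t_end - window:
            start += 1
        if end - start + 1 > best_count:
            best_count, best_start = end - start + 1, start
    return events[best_start:best_start + best_count]


def classify(lines, window_seconds=10, per_source_limit=50, aggregate_limit=200):
    """Return (verdict, requests_in_busiest_window, top_three_sources).

    A per-source limit alone catches the single flooding machine; only the
    aggregate limit catches the distributed case, where every zombie looks
    like a light, legitimate client on its own.
    """
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[1])
    if not events:
        return "quiet", 0, []
    window = busiest_window(events, timedelta(seconds=window_seconds))
    per_source = Counter(ip for ip, _ in window)
    top = per_source.most_common(3)
    total = len(window)
    if top[0][1] > per_source_limit:
        verdict = "single-source flood"
    elif total > aggregate_limit:
        verdict = "distributed flood"
    else:
        verdict = "normal"
    return verdict, total, top


def make_lines(sources, per_source, start, spread_seconds):
    """Constructed log lines: each source sends `per_source` GETs, with all
    requests spaced evenly across `spread_seconds`."""
    n_total = max(1, len(sources) * per_source)
    lines = []
    for k, ip in enumerate(sources):
        for n in range(per_source):
            t = start + timedelta(seconds=(k * per_source + n) * spread_seconds / n_total)
            lines.append(f'{ip} - - [{t.strftime(TS_FMT)} +0000] "GET / HTTP/1.1" 200')
    return lines


def normal_traffic():
    # 20 ordinary clients, 2 requests each, spread over a minute
    return make_lines([f"192.0.2.{i}" for i in range(1, 21)], 2, T0, 60)


def single_source_flood():
    # one machine sends 300 requests in 10 seconds on top of the normal load
    return normal_traffic() + make_lines(["203.0.113.9"], 300, T0, 10)


def distributed_flood():
    # 400 zombies send one request each in the same 10 seconds
    bots = [f"198.51.100.{i}" for i in range(1, 255)] + [f"203.0.113.{i}" for i in range(1, 147)]
    return normal_traffic() + make_lines(bots, 1, T0, 10)


if __name__ == "__main__":
    for name, fn in [("normal", normal_traffic), ("single", single_source_flood), ("ddos", distributed_flood)]:
        print(name, classify(fn()))
```

Run as a script it prints the verdict for each constructed scenario. The point to take from the distributed case is that the per-source table looks innocent (no address above a couple of requests), so a defence that only blocks noisy addresses never fires; what Lyon's setup relied on instead, absorbing capacity and proxying, is one answer to exactly that gap.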
