‘Tis the season for denial-of-service attacks it seems.
Not only has Evernote been struck by a DoS attack overnight, but now RSS news aggregator Feedly reports that its cloud-based service is suffering from a distributed denial-of-service attack that could impact users’ ability to catch up with the latest updates from their favourite websites.
Feedly saw a boost in popularity, when Google announced last year that it was closing down its Reader service – used by many to manage their RSS feeds. Today, Feedly boasts millions of daily users.
The company did well out of Google Reader’s demise, and is showing a similar plucky attitude in its response to this threat against its online service.
Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our network providers to mitigate the attack as best as we can.
We are working in parallel with other victims of the same group and with law enforcement.
We want to apologize for the inconvenience. Please know that your data is safe and you will be able to re-access your feedly as soon as the attack is neutralized.
I must admit I admire Feedly’s attitude. It’s right not to give in to the blackmailers who are essentially running an extortion racket, demanding that the cloud service pay up or be taken offline with their DDoS attack.
The danger of paying DDoS blackmailers is that you’re only encouraging them to attack you more, perhaps increasing their financial demands next time.
Extorting money with threats against someone’s business is illegal of course, as is launching a DDoS attack against a website*. In the UK, where I am based, denial-of-service attacks have been outlawed since 2006, and could result in the perpetrators receiving a prison sentence of up to ten years. It’s a similar story in many other countries, and there are people who have been imprisoned for years as a result of their attacks.
Let’s hope that whoever is behind the Feedly attack is identified, and brought to book.
In the meantime, you can do your bit to help by making sure that your computer isn’t one of the millions around the world which form part of a botnet.
Online criminals infect poorly-protected computers, recruiting them into botnets that silently participate in spam campaigns and denial-of-service attacks. Keeping your computer secure and up to date is essential if you want to avoid being part of the problem.
* A denial-of-service attack is illegal if you don’t have the permission of the targeted website’s owners. The only legitimate DDoS attack is one that is being done, with permission, in order to test the site’s ability to withstand an attack. In short: if you have to ask yourself if a DDoS attack is legal or not, it’s not.
One of the problems is that the Android app is draining the battery whilst it can't connect to the Feedly servers.
Good to know. I'm gonna disable the app for the time.
First world problems! My phone lasts an hour less than usual.. boohoo
Thanks for this comment. I had no idea why my phone kept dying. I uninstalled the app for now and will see if that was the problem.
Could you share tips on how I can make sure my computer isn’t a part of a botnet?
1. Make sure your PC is running the most current versions of software/updates. If you're running XP for example, you run a higher risk of viruses or attacks since it's technically no longer supported by Microsoft.
Easiest way on a windows machine is to click Start -> All Programs -> Windows Update -> Check for updates
Install the required ones, and pick the recommended ones you want. I stray away from the Bing Bar and other non-essentials like that.
2. If you're worried your PC is being used, run a good program like Malwarebytes or Avast. Scan your pc to check for malware/viruses.
3. The biggest piece of advice I can give is prevention by smart browsing and computer use. Only open files and attachments from known sources, stay away from websites that offer pirated movies, tv shows, and software, and if you want to download and install something, make sure you read what it's saying rather than just clicking next a thousand times.
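The comment above lists update checking and a malware scan as the first two steps. The following PowerShell script is an added example, not code from the commenter or from Feedly, that automates those two checks on a Windows machine. It assumes a Windows 8 / Server 2012 or later system with the Windows Update Agent COM API and the built-in Defender PowerShell module available, and that it is run from an elevated prompt; the function names and the output layout are the example's own choices.

```powershell
# Added example: list pending Windows updates and report the state of the
# built-in antivirus (steps 1 and 2 of the comment above).
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell prompt,
# Defender module present. A third-party product such as Malwarebytes or
# Avast may have Defender's real-time protection turned off; the report
# then shows that, which is itself useful to know.

function Get-PendingUpdates {
    # The Windows Update Agent exposes a searcher object; the criteria
    # "IsInstalled=0 and IsHidden=0" return updates that apply to this
    # machine but have not been installed or hidden. The search can take
    # a minute or two on a machine that has not checked recently.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=0 and IsHidden=0')

    foreach ($update in $result.Updates) {
        [pscustomobject]@{
            Title    = $update.Title
            # MsrcSeverity is set for security updates ('Critical',
            # 'Important', ...) and empty for feature or driver updates.
            Severity = $update.MsrcSeverity
            KB       = (@($update.KBArticleIDs) -join ',')
        }
    }
}

function Get-AntivirusState {
    # Get-MpComputerStatus reports the Defender engine: whether real-time
    # protection is on, how old the signatures are, and the last scans.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignatureAgeDays   = $status.AntivirusSignatureAge
        LastQuickScan      = $status.QuickScanEndTime
        LastFullScan       = $status.FullScanEndTime
    }
}

$pending = @(Get-PendingUpdates)
if ($pending.Count -eq 0) {
    Write-Host 'No pending updates.'
} else {
    Write-Host "$($pending.Count) update(s) waiting to be installed:"
    # Security updates (non-empty Severity) are the ones to install first.
    $pending | Sort-Object Severity -Descending | Format-Table -AutoSize
}

Get-AntivirusState | Format-List

# Step 2 with the built-in engine; uncomment to run a quick scan now.
# Start-MpScan -ScanType QuickScan
```

A machine that shows pending security updates or signatures more than a few days old is the kind of "poorly-protected computer" the article describes as botnet recruitment material; installing the updates and letting the scan run closes the gap the comment's steps 1 and 2 are about.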
Just as some extra/additional points that should be considered:
One bit that you can change up to be more safe. Specifically "Only open files and attachments from known sources" is quite dangerous (rather: can be). Define known sources, for instance. With that logic you might assume that since a friend or family member emailed you something (or sent you a link on some website, or…) it must be safe. But that's not necessarily them sending it. Also, they might themselves think it is safe but it isn't. In general: don't open attachments unless you know it is safe (and also scan it/etc) – the sender is only relevant in that senders you don't know should not be trusted at all. Other senders you should still make sure it is safe and not assume that known source = OK. Of course, this is different from e.g., microsoft.com but then in that case make sure it is not a typosquatter (or similar, e.g., for getting your personal information). And in that case also make sure it isn't a compromised network (that's not necessarily something you can know so indeed scanning is necessary). Otherwise, smart browsing (I prefer: smart computing and I see just before I clicked submit, that you indeed worded it that way as well) is sound advice.
And not only should you scan your system for malware actively you should also have it do that passively.
As for clicking next … indeed that's good advice. In general be wary of (mindlessly!) doing anything and especially don't do something if you don't know what it does(!) or is (e.g., someone tells you to try X, if you don't know what X does then be wary). It is incredibly easy to dupe someone into doing something that is not at all what they want which can cause them major grief (to say the least).
Why can't ISPs inform users that their computer is part of a botnet ..
They do
Despite the claims on the Feedly blog, it still isn't working… Can't connect using the Android app (in Germany).
And Feedly is down for a 3rd day (3rd attack). Something doesn't seem right about this. It must be more than a DDoS attack. It sounds like a Ransomware demand (I don't know for sure) but also Evernote is affected as well? I know they have close integration so something isn't quite right about their explanations.
I'm a paid customer and I'm really wondering if Feedly knows how to deal with infrastructure issues – Hopefully they aren't running a Windows Server on Shared Hosting either. Perhaps if this really is a DDoS attack they should think about getting a more capable ISP!
If only it were that simple… It's not. Before I continue – in the case you do read this – let me just state: I'm not trying to be offensive here. I know I can sometimes seem that way (and giving far too much information… but I tend to write a lot and this is something I have a lot of knowledge with as well as experience – as in, how it all works or more specifically what allows these attacks, so I can be overwhelming in that regard). I'm actually trying to correct you in a constructive way. Also, see very last paragraph if it seems too much, as I give a quick summary to alleviate your concerns (as a customer of them). With that noted:
What difference does it make if it is shared hosting or not? For a DoS or DDoS attack the only way it would matter is if more than one service is hit because they are on the same server (or even network). There's also a concept called backscatter but that's only similar in that others are affected (those that aren't part of the attack, that is). There's also using one network as a source of the attack which is also making them a victim. And again, although I'm very critical of MS and Apple, I'll be honest here: the amount of traffic a DDoS attack can push out .. it isn't fair to blame the OS. No, not at all. We're not talking about some older DoS attacks that abused a certain vulnerability in an OS causing it to crash (for example). An example of that was when certain operating systems reassembled really fragmented packets, they would hang. This is much more involved (hence "distributed"). There are mitigation techniques the operating system can deploy (resources being used up, for instance, and how they are used and for how long – this depends on the type of attack as well, at least what I'm getting at) but it all comes down to the core routers (and more generally how much the network can withstand, bandwidth and other resources). I would argue that (and this is a 50/50 – it could be either or) they aren't even the ones to complain to (not referring to the attackers – that is something else entirely and complaining to them, if you identified them by some magic, would only cause you more grief, I assure you) because they aren't the Internet provider as such (and even if they were an Internet provider, do you think they have no Internet provider themselves? Some are this way but most are not. The ones that are are part of the Internet backbone. Much like the telephone system there are providers for providers, see below).
Somewhat like customer owned coin-operated telephones (COCOT). And also like how main telecommunication corporations own a great amount of the infrastructure but then there are more local companies that use their infrastructure (many acronyms for these too). Essentially, trying to find blame here is based on frustration or ignorance (since you're a customer I would suggest frustration in particular, as I know it: most users just want something to work and they don't care about the details as long as it does work).
As an aside: ransomware ("-ware" as in "some kind of software", as in installed or executed, on the "victims'" computer[s]) would be something else entirely. If that were the case, they would need to clean up their system/network. Here they need the traffic to stop (that's why you yourself cannot connect – the network is too overwhelmed).
Shortly: don't worry about their capability, prematurely. Years ago a 13 year old boy from Canada calling himself 'Mafia boy' took down Amazon, eBay and if I recall Yahoo. Certainly there were several high profile victims, and it was one 13 year old. So no, this isn't a good way to figure out their capability! That's the best advice/information I can give!
Addendum: -ware can also imply other types of products/goods. An example is vapourware. But of course in this context and when considering ransomware, it would be referring to software, good or bad (and in this case, bad). But it is very different from a DoS attack and very different from a DDoS attack. Sure, the attackers could add the 'if you don't pay we'll keep this up…' (which incidentally is keeping the victim down which somehow amuses me, although that's just the word play…) but it isn't software as such (I would argue there's better words for the money game, anyway).