- Get a grip or you don't get the job
- Desktops of the future here today
- Researcher hides IE attack on Web
- Cisco third quarter 2008 channel stuffing
- Sci-Fi's goofiest gadgets and technology
Rss FeedRss Feed
Crackin' the Kraken bot. Listen now!
Wireless dangers at airports. Listen now!
Most companies have a solid disaster recovery plan in place to handle a "complete failure" of its Active Directory, which is really quite rare. What most recovery plans are missing, and the most common scenario, is a means to efficiently restore single directory objects. In this paper, we'll explore what most disaster recovery plans already address, highlight potential weak points, and suggest solutions that help fill those gaps-without requiring you to completely re-do your existing plan.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
IT professionals like the idea of consolidating hundreds of servers into only a few, but it takes a lot more to cost effectively consolidate and virtualize servers. Watch this six-chapter webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization" to learn how to effectively consolidate your Windows environment. One of the themes explored includes the characteristics of an orchestrated data center, which includes: Resource management, dynamic provisioning, job management, policy management, accounting and auditing and real-time availability. Learn more about orchestration and much more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
You can find related project managemen articles in
- Anonymous
Criminals are increasingly targeting corporations with distributed denial-of-service attacks designed not to disrupt business networks but to extort thousands of dollars from the companies.
Those targeted are increasingly deciding to pay the extortionists rather than accept the consequences, experts say. While reports of this type of crime have circulated for several years, most victimized companies remain reluctant to acknowledge the attacks or enlist the help of law enforcement, resulting in limited awareness of the problem and few prosecutions.
Extortion is "becoming more commonplace," says Ed Amoroso, chief information security officer at AT&T. "It's happening enough that it doesn't even raise an eyebrow anymore."
"In the past eight months we have seen an uptick with the most organized groups of attackers trying to extort money from users," says Rob Rigby, director of managed security services at MCI. "We try to do our best to get [customers] through it, but we leave it up to them to bring such attacks to the attention of law enforcement."
While MCI has been asked to help with prosecutions in other cybercrime cases, Rigby says he does not recall a service provider being subpoenaed in a distributed DoS extortion case.
Quantifying the extortion problem is difficult because the FBI, ISPs and third-party research firms can't provide figures on the number of distributed DoS attacks that include demands for money.
The FBI aggressively works daily on cases involving distributed DoS attacks and extortion, says bureau spokesman Paul Bresson.
"Almost all of them have an international connection," he says. "There aren't many cases where people doing this are from the U.S, and many times it is a juvenile subject to the laws of another country."
Bresson says such cases have been prosecuted, although he was unable to cite any. The FBI continues to encourage companies to report this crime to law enforcement, he says, yet "we understand there's a reluctance to do so."
An indeterminable number of victims are choosing to meet the demands of extortionists rather than turn to law enforcement for fear of negative publicity. The law does not prohibit paying, says Kathleen Porter, an attorney at Robinson & Cole in Boston, who has extensive experience with e-commerce and Internet law.
"It's illegal to make the demand, but it's not illegal for companies to pay to make the attacks go away. It's analogous to ransom," Porter says. "It's something companies are doing because the cost of denial-of-service attacks are so expensive."
"The problem is if companies keep paying, the attacks will continue," she says.
Even those who don't pay and instead work with their service provider to mitigate an attack are leery about reporting the crime.
"It's still taboo for users to talk about these attacks," Rigby says. "Users worry that just coming under attack can damage their brand."
Companies are not required by law to report these crimes, Porter says, and she suspects a fear of being sued over the consequences an attack might pose to one's customers contributes to the reticence of many to do so.
"We've had [extortion attempts] happen to our customers," says Bruce Schneier , CTO at managed security services provider Counterpane Internet Security. "More often than I'd like, they're paying up." Counterpane offers anti-distributed DoS services, he adds, but they "aren't cheap."
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
