Bet they wish they had insurance against DDOS attacks!
UK-based consumer finance website MoneySavingExpert.com was forced to pull most of its services over the weekend as a result of an ongoing denial of service attack. The site was hit at 1700 on Friday hours before launching a high-profile campaign against insurance rip-offs. Services were largely restored by 1000 on Monday. …
Egg tried to get me to take insurance on a loan I took out, but after I explained to them that under the self employed rules I'd have to declare myself bankrupt in order to claim, in which case they wouldn't get the loan repaid anyway and I wouldn't care, they backed down and gave me the loan without.
If only I'd taken it out, I could've reclaimed!
I'm currently having an argument with Halifax over this exact issue... We were sold a single-premium (no longer allowed) policy with PPI... The PPI in question only covers me but not my partner... A fact we were only made aware of when I went to claim after she had to take 6 weeks off work with an injury
After going into our local branch to have the PPI removed we were told we'd have to take out another loan and leave off the PPI... No real problem there until they told us that our 8.9% APR (high anyway) would mystically rise to 16.9% costing us an extra £1000 over the life of the loan (equating to a monthly payment increase of £3)
Unbelievably, while they were giving us this 'wonderful' offer they tried to hard-sell a bank account to us... I think not!
A quick word with the financial ombudsman is in order I think
While no-one would think it was the banks, there are other less far-fetched possibilities. Someone in charge of one of the big banks’ PPI selling departments fearing for their job? One of the PPI reclaim companies hoping to drive trade their way? Even for those people, it would be as good a plan as trying to blackmail a member of the royal family. As for it being someone showing off... I can see it attracting about as much kudos in the hacking community as flooring a site like www.mcpriests.com.*
I’m still putting my money on a forum thread that can be found in Google’s cache.
I’ve been a long-time reader of the MSE forum, and have never seen someone make a direct warning like that. The forum software turns all typed URLs into usable links, so any reader clicking through them could have been making the presence of the warning nice and clear to the criminals. If you’re that criminal, a DDoS would be in character and within your means. Warnings have the potential to decrease the success of your scam, so taking the site down, if only for a few days, would be a logical step. As the thread was started late on Thursday, it would match the time of the attack.
*I’m not saying Mr Lewis is in any way like Mother Teresa of Calcutta, but there are many forum posters who put in a large amount of time and effort, for no more reward than knowing they’re doing a good job.
Well, this is an avenue we will be taking as well as further direct contact with Halifax themselves
I'm just wondering if there's any way I can cause them some pain and possibly prevent, or at least deter, them from trying it on other, potentially less savvy, customers
That's not to say that I'm particularly savvy otherwise my loan would be housed elsewhere
That site really is a great one. It's helped me to save lots of money on loads of things. I got £100 back from Halifax when they increased the Mortgage Exit Administration Fee by that amount in the 2 years between taking out the mortgage and switching to another provider. They shouldn't have charged more than was stated in the agreement when I took it out so they had to give it back! I may not have known I could claim this money without MSE.
First they should have cloud-based DDoS mitigation from their ISP, so that the pipe doesn't get flooded. Then they should install a hardware-based DDoS mitigation such as one from IntruGuard. Software-based solutions cannot handle DDoS well. Cloud-based mitigation cannot totally solve the DDoS. The residual DDoS needs to be cleaned by hardware in the data center. Good luck. Two ISP links will help the situation.
Most, if not all, DDOS attacks come from Zombies that were almost always compromised due to the PC owner's system being unsecure, or the user doing stupid things like opening attachments from people they don't know, not having a firewall or a filtering proxy, and not scanning for viruses.
My proposal: create an international treaty, whereby all zombie IP addresses captured in a DDOS attack can be traced back to accounts at ISPs or corporates, and the owner of the PC in question either pays a nominal fine (about the same as a small speeding fine) or gets their IP blocked from Internet access for a week or two. Most of the proceeds of the fine should go to the affected parties to compensate them for loss of business.
It is almost impossible to block a DDOS at the destination network, at least not without bogging down the equipment. We need to stop it as close as possible to the source.
Making users liable for incidents involving their machines will give them a definite incentive to use and maintain them properly, or get someone else to do so if they are unable.
What a great idea - I'm with you on that one.
Actually, what would be a good expansion of that idea would be to collect all the IP addresses involved in a DDoS attack and post them to your country's antiterrorist hotline with a note to the effect that these IPs were detected as participating in a cyberterrorist act. Getting a few of these click-anything numpties sent to Gitmo or at least listed on a terrorist register would be a fine incentive for making people more careful about what they allow to be installed on their computers... a neat way of exploiting oppressive pseudodemocracies to educate the masses with a big stick about the perils of responding to and thereby encouraging spam and scams!
As the saying goes: No one raindrop believes it is responsible for the flood.