The worst thing about a distributed denial of service attack is not the attack itself. Rather, it is the slew of bottom-feeders who appear on the horizon after the deed and try to profit from the misery of others.
In the true spirit of American greed, security firm Norton by Symantec is out there today, plugging figures from some survey or the other to push the case that small and medium businesses - many already unable to cope with existing expenses - should also invest in insurance as a means of recouping damages from a likely DDoS.
No surprise, the insurance on offer is from a partner of Norton!
Close on its heels is Computer Services Corporation, another firm that is attempting to feed on others' misfortune.
CSC has issued a white paper (why are all these papers white?) trying to push its wares.
Note carefully that neither of these companies has any suggestion as to how the Internet itself can be strengthened so that everyone has less of a chance of suffering from a DDoS. No suggestion as to how mitigation can be improved for the public good.
Indeed, Dynamic Network Services, the very company that was the target of the attacks, tried to project itself as better than it is at managing such attacks by claiming that millions of devices had participated in the DDoS.
Later, it had to recant and admit that the actual number was closer to 100,000.
No, greed is first and foremost. It reminds me of the film The Corporation where a stock trader was quoted as saying that when he saw the planes crashing into the World Trade Centre towers on 11 September 2001, his first thought was how he could help his clients to make money by shorting airline stocks.
The Internet was built on free and open source software, using protocols that are free. But now there are millions of rent-seekers who want to use the network to line their own pockets. If they did so while also contributing to the public realm, I would have no problem with it.
This self-interest has been seen many times in the recent past. The Heartbleed vulnerability in OpenSSL put millions at risk; that project has meagre resources, both monetary and staff-wise, but its software has almost universal use. How many mega-corporations have come forward to donate money or resources to improve the security of OpenSSL?
The only person to do something worthwhile was Theo de Raadt, the head of the OpenBSD operating system project, a free software entity. He and his co-developers started a fork of OpenSSL, called LibreSSL, to weed out the many flaws in its code.
Or take the case of OpenSSH, which, coincidentally, is also developed by de Raadt's project. Nearly 90% of those who use SSH use the OpenBSD incantation.
De Raadt told me more than a decade ago that contributions to free software that is almost universally used come mostly from individuals, not corporations. To quote him: "Hardware donations do not come from vendors who use OpenSSH on parts of their stuff. They come from individuals. The hardware vendors who use OpenSSH on all of their products have given us a total of one laptop since we developed OpenSSH five years ago. And asking them for that laptop took a year. That was IBM. It took a year of negotiation and I had to talk to 15 people and I had the right person from the beginning but she had to get okays from other people and I had to write letters to say why. It was astounding."
For one reason or another, DDoS attacks are going to have massive impacts on online businesses, until technical solutions are devised to lessen their impact. Crude marketing moves are not going to help in any way to make the Internet a better place to do business.