“We’re looking at what we can do to make sure this won’t happen again. We’re sorry. I’ve had no sleep for two days” – Tony Neate, GSO chief executive
During the first hour after the National Crime Agency (NCA) advised Internet users to check out the Get Safe Online web site in the wake of the Gameover Zeus/CryptoLocker botnet takedown, the site suffered what some have described as an unintended DDoS attack.
The reality for most users who heeded the 2pm Monday call was that site either froze as they were trying to access it, or simply became inaccessible as too many people overloaded the site server’s access facility.
Get Safe Online (GSO) has blamed the effective outage as simply down to the fact that two many people were trying to access the site at the same time. As a result, the servers could not complete the IP requests, resulting in an outage lasting two days, until late yesterday. This was despite the site operators moving swiftly to quadruple site capacity.
Tony Neate, GSO’s chief executive – the man who set up the company back in 2006 after a 30-year career in the Police – told the BBC newswire that it is important for people to realise that this has been a learning curve for him and his team.
“We’re looking at what we can do to make sure this won’t happen again. We’re sorry. I’ve had no sleep for two days,” he said.
GSO is a jointly funded operation supported by the UK government and a variety of commercial sponsors, including Barclays, NatWest, Kaspersky Lab and PayPal. The idea behind the site is that it is a one-stop shop for cybersecurity safety for individuals and small businesses.
Sean Power, security operations manager with DOSarrest, the DDoS remediation specialist, said that the overload of GSO is a great example of the `Slashdot effect’ or the `Reddit hug of death.’
This, he explained, is where a site’s sudden popularity – usually initiated by reference in a popular community site – is more than the infrastructure can handle.
“This is akin to a small cart vendor opening a free money stall in Times Square,” he said, adding that the nett effect is a sudden denial of service that is both unintentional and unexpected.
It is, says Power, vital that a denial-of-service incident response team is able to tell the difference between a malicious attack and a sudden dramatic increase in popularity, because you will want to treat the two situations very differently.
“For this reason many firms elect to employ a seasoned denial-of-service mitigation company who have the expertise to make this distinction – and act accordingly to ensure that the site is up and available to all legitimate visitors,” he said.”
“One of the added advantages of having a good distributed-denial-of-service protection provider is their ability to handle extremely large legitimate requests, whereby the customer gets to leverage their caching and distributed architecture,” he added.