[ISN] Update: Credit card firm hit by DDoS attack

InfoSec News isn at c4i.org
Thu Sep 23 03:14:58 EDT 2004


By Jaikumar Vijayan 
SEPTEMBER 22, 2004 

Credit card processing firm Authorize.Net has been the target of an
"intermittent" and "large scale" distributed denial-of-service attack
since last Wednesday that has resulted in "periodic disruptions" of
service for some customers.

Bellevue, Wash.-based Authorize.Net is owned by Burlington,
Mass.-based Lightbridge Inc. and provides payment processing services
for more than 91,000 small to medium-size e-commerce firms.

David Schwartz the company's marketing director, said Authorize.Net
has been the subject of a massive DDoS attack that targeted the
company's payment gateway service and resulted in periods of "brief
disruptions" for customer.

The company received an extortion note a few days before the attacks
began asking for a "substantial amount of money," Schwartz said. He
did not elaborate on how the money was to have been delivered or
whether the note came from someone inside the U.S.

"It was something that was sent to our general mailbox," Schwartz
said. Law enforcement authorities, including the FBI, are now
investigating, he said.

This is not the first time Authorize.Net has been the subject of such
attacks, Schwartz said. "We have been attacked in the past, but not on
this scale and with such tenacity," he said.

The attack has resulted in an extremely high number of calls to the
company's customer support center, the company said in a statement on
its Web site.

The attack is the latest example of a growing trend, said Tom Corn, a
vice president at Mazu Network Inc., a Cambridge, Mass.-based vendor
of DoS-mitigation technologies.

"We are seeing a big escalation of attacks involving extortion"  
targeted at e-commerce companies, Corn said. Such attacks have
typically tended to increase during busy periods such as the upcoming
holiday season or around major events such as the Super Bowl, he said.

More information about the ISN mailing list