Let’s be honest about a few things upfront. We’re not as big as Microsoft. We don’t hold the most valuable confidential data. We don’t directly provide any services that businesses are depending on to maintain their operations.
We take useful IT security products, from innovative vendors, out to the UK channel. And, as some of you will know, we do so with an engaged, enthusiastic, and friendly approach.
We hope we’re the sort of people you wouldn’t fall out with. We certainly don’t see ourselves as prime targets for attacks on our own IT.
But who does?
On Wednesday 2nd September at 17:20, we were forced to really think about how people see us.
A few weeks ago, large volumes of traffic originating from German IP addresses were directed at www.alpha-gen.co.uk. This traffic overwhelmed the servers that host the website, causing performance to suffer. Pages took an age to load. Some connections timed out altogether.
Okay, so something was wrong. At this stage, it wasn’t immediately clear what that was – but we knew we had to react.
The website was taken off-line. Every connection was terminated in order to prevent the slowdown and get things back to normal. We thought that would be the end of the story. Unfortunately, we were wrong.
After the website was reactivated, the same thing happened. Traffic flooded in on a huge scale, making the website unusable for any legitimate user who happened to be looking for some information that evening.
Things suddenly felt more serious. How long could this go on for? What could we do to stop it? And, when so many DDoS attacks are made to distract your attention from more critical threats, what were we missing?
Our web host’s support team were our saving grace. They stepped in to take the website off-line, block the offending IP ranges, and put an end to the attack.
At 21:02 – three and a half hours later – the Alpha Generation website was back on-line. But we were left with questions that will stay with us for some time.
DDoS attackers select their targets for a huge variety of reasons. Attacks can distract attention from data theft, defacement, and modification. Sometimes, they can form part of a ransom campaign where, unless a company pays a large sum of money to their attackers, their servers will continue to be disrupted.
Following our attack, nothing has happened. No defacement. No ransom. Just silence.
The truth is that’s what makes it such a worrying incident. There was seemingly no logic to choosing Alpha Generation as a target. Our attackers had nothing to gain from us. We’re not financially any worse off. Our reputation is intact. We’re just a little embarrassed that it happened in the first place.
However, despite that embarrassment, we think it’s a story worth telling – precisely because it was an attack without reason on a comparatively normal business. A business like yours, or like your suppliers and clients.
With so much uncertainty around the nature of the attack, how long it would go on for, and when it will happen again, it wasn’t easy to take a life lesson from it all. But if we’re forced to find one?
A note from us:
As you can probably tell from the 68 day lag between the attack and publishing this post I’ve ummed and ahhed about publishing this post on our blog at all. In fact I’ve come very close to deleting the original Word document a number of times and just forgetting about the whole thing.
So why have I chosen to publish it after all this time? Well there are two reasons;
By-the-way, we never did find out why we were targeted.