UK ISP Cloud Nine Hacked

I would bet my bottom dollar that this ISP was having a lot of other problems because I can't imagine hackers deterring a site so thoroughly. It's just unbelievable to imagine that they couldn't have gotten it under control.

Im sorry all this looks to be is a cheap easy lame ass escape route! Any ISP that is in the business has the power to stop such attacks in a orderly fashion.

You're forgetting where they are...
They still have something called privacy across the pond and they can't send the cops barging in to whoever does that... so it can be true. Here if you hack into something, the FBI will track you and the nice gentlemen with black suits and glasses will be in 5 mins outside your door... there... impossible...

said by MrTangent:

---

I would bet my bottom dollar that this ISP was having a lot of other problems because I can't imagine hackers deterring a site so thoroughly. It's just unbelievable to imagine that they couldn't have gotten it under control.

---

I don't think you're up to speed on what a Distributed Denial of Service (DDoS) attack is... You don't stop it, the people attacking are the only ones that can stop it. Remember when Yahoo and friends were hit? The attacks then only stopped when the attackers stopped. When you are getting hit from 100,000 hosts or more at once from all over the world, how do you stop it? Contact each of them? Put a 100,000 line access list on your router and watch it melt? When you're being hit with an attack that has more aggregate bandwidth than you or your upstreams can supply, how do you break the laws of physics to let other traffic flow?

With all the vulnerable MS machines out there on high speed connections these days waiting to do the bidding of malicious teens (or maybe competitors?) attacks like this will get more common. Lower profile sites (and especially IRC servers) are DDoS'd off the net quite often.

Just count yourself lucky that these kids haven't figured out to point their zombie DDoS clients at routers yet.

This wasn't a DDOS attack. DDOS attacks actually don't "damage" their target--- they simply overwhelm it... eventually, the attacks stop or are blocked, and you're accessible again.

This sounds like hackers got in and wiped out the ISP's files and blanked their machines.... and I guess they didn't have available backups.

Of course it was a DDOS, its says as much in the statement. Besides, its the only way that the attacker could bring down all those systems and KEEP them down. The technology to do this is elemetery, its just that the guys with the know-how and the resources(bots) have never had the balls to try and take down an entire ISP by DOSing all of its services before. It would require active monitoring of the ISPs services so as to re-direct attacks as they tried to bring services up on new pipes, and would not be somthing most script kiddies would be up to. I don't think we'll see this very often, but we will see it again however, now that someone has paved the way.

There are also some new types of DDOS attacks appearing latly using IP spoofing that are much more dangerous, and unlike previous ones, virtually untracable. This year should be quite interesting for the network security world, and thats never a good thing.

Ok, if this was a DDOS attack, they they are just using it as an excuse. A DDOS attack doesn't damage your equipment. it just renders you unreachable.

Imagine it like this: Someone is wardialing your phone, so as other people try and call you, they get a busy-- they can
t get through. But--- does that mean your phone is melting, or your house is burning down? No... Yes, you are being "cut off" but you're not suffering damage to your systems... I fail to see how a DDOS attack could cause an ISP to suffer so much damage they go out of business--- unless it was an extremely long term DDOS and their customers simply quit them.

The few things I read, mentioned that their firewall was compromised first, and then when they secured that, they came under DDOS attack. Who knows what kind of damage they suffered after the firewall was breached. This is someone who must have some sort of issues with this ISP or a company it hosts. Think about it, if you cannot attack a company directly, attack the ISP that provides it bandwidth......

Matt

Well it's across the pond again, and companies DO pay you compensation for DoS problems... A day in Europe can bring a company down because of the restitution it has to pay to its customers... while on the other hand here, we're lucky if Adelphia or Earthlink or Verizon even pick up their phones when a lousy mail server goes down...

They are using the issue as a scapegoat!

If they didn't have the infrastructure to stop/fix the problem they were on their way out already.

Maybe they have reason to believe that the cost and liability of running the company while under DOS attack is too great. If no attacker is found and business continuity is unable to cover the costs of any lawsuits, then where is the money to defend the business claims going to come from.

A business has a bank account with limited resources to pay for Lawyers, and investigative peoples over and above the day to day costs of staff, equipment, and electricity etc.

In the brief analysis others seem to elude to some empiracle knowledge of other reasons - get out a calculator and do the maths and then factor in a few lawsuits for loss of business.

It's better to work positively with your customers and to transition them to more reliable and secure platforms.

I commend these parties to exit an industry and transition their customers rather than running further down a path they ultimately will lead to failure.

Too bad other dot.com ventures are unable to know when to call it quits and move on...

...then how could somebody be reviewing them? the person gives them 5 starts with a contract of $99 a month.

the review is about someone in new york

and this is about a company in the UK

so i don't think they are related, but probably have the same name

this is cloud nine

isp review is cloud 9

lol

said by emmpeethree:

---

the review is about someone in new york

and this is about a company in the UK

so i don't think they are related, but probably have the same name

this is cloud nine

isp review is cloud 9

lol

---

Cloud9.net is located in lower New York State. This is clearly a different ISP.

If I may inject a bit of rational thought into this frenzy of ISP bashing, let us not forget that Cloud Nine didn't initiate the attack. The comments here are effectively defending the right of script kiddies to destroy people's lives and livelihood with their criminal behavior. They are not, as they so often claim, doing us a favor by demonstrating the weaknesses of internet security; they are thoughtless anarchists with no agenda but bragging rights. Nobody who has read a newspaper in the past decade believes that the internet is secure or any ISP is bulletproof. Do we need empirical evidence of this?

I am not in a position to defend Cloud Nine. They may have had inadequate protection for the task at hand. I don't work there, so I'm not qualified to judge. But I can't bring myself to blame the ISP any more than I can blame women for rape.

That's not what I'm saying.... what I am basically saying is I seriously the story as being reported that DDOS attack could do any serious damage. The type of damage necessary to force them to quit would suggest a much greater penetration--- and that would likely be because someone slipped up... They probably had someone get on their internal network and go on a rampage, but aren't admitting it. I suspect we're not hearing the whole story, and this "Hackers got us" might really be the straw that broke the camel's back... but it makes a great scapegoat or excuse to lean on to explain why they are quitting business.

Do you understand business?

do you really believe that damage has to be purely physical, ie melting processors and memory. well, surprise, it doesn't.

let me put this to you in terms that you may understand. If someone was able to close the doors of all of the tesco supermarkets in britain for a week, so no one could go in and shop, tesco would loose profit for that entire week, and probably have to close some stores when they finally got in, customers would start going to asda through the week, as they have to get food somehow. the actual tesco stores would not be damaged, but imagine damage to them as a brand if this were to happen. i am sure that most ISPs are run on a knife edge of profit v loss, and this sort of thing tips the balance, meaning a spiral of events (inability to pay there bandwidth charges = worse service = even more customer loss = more inability to pay for bandwidth and so on) If my business isp went down for a day i would strongly consider moving my business elsewhere - thats life. To think though that some looting little ##its can for no good reason take out an entire business is the end of the world.

rip cloud nine, what has happened to you is totally fucked up and some of the views on this board are symptomatic of this screwed up country where everyone hates a business that does well - think about it, you would only try to cover up if you intended to continue trading, why bother if you are shutting down?

optiK

Do you understand business?

do you really believe that damage has to be purely physical, ie melting processors and memory. well, surprise, it doesn't.

let me put this to you in terms that you may understand. If someone was able to close the doors of all of the tesco supermarkets in britain for a week, so no one could go in and shop, tesco would loose profit for that entire week, and probably have to close some stores when they finally got in, customers would start going to asda through the week, as they have to get food somehow. the actual tesco stores would not be damaged, but imagine damage to them as a brand if this were to happen. i am sure that most ISPs are run on a knife edge of profit v loss, and this sort of thing tips the balance, meaning a spiral of events (inability to pay there bandwidth charges = worse service = even more customer loss = more inability to pay for bandwidth and so on) If my business isp went down for a day i would strongly consider moving my business elsewhere - thats life. To think though that some looting little ##its can for no good reason take out an entire business is the end of the world.

rip cloud nine, what has happened to you is totally f#cked up and some of the views on this board are symptomatic of this screwed up country where everyone hates a business that does well - think about it, you would only try to cover up if you intended to continue trading, why bother if you are shutting down?

optiK

Yes I do, but apparently you don't seem to understand... people are making out a DDOS attack as if it is highly destructive... it isn't. It's highly DISRUPTIVE, yes, but not destructive. DDOS attacks are also relatively short lived-- they can be blocked or "dodged" once the attack has begun... remember, even the massively famous DDOS attacks on ebay, Yahoo and others in the U.S. a year or two ago only resulted in several hours of intermittent un-availability. It's hard to imagine that an ISP could be cut off for a long enough period to cause them to lose a lot of their customers and fold up. How long was the attack? A month? A week? A Day? An Hour?

"Hacker DDOS" attack cannot be the whole story.

KrK...you don't seem to have a grasp on what a DDOS can do...Cloudnine never said their equipment was damaged, they said they cannot continue....

You are not realizing that a DDOS on a ISP is MUCH different then a website...the DDOS on Yahoo and such crippled Yahoo for hours, and the reason it wasn't longer was because most major sites like the whitehouse.gov, yahoo, etrade....all use Akamai web services where Akamai can remap their ip's at a moments notice and enable them to filter or have most of the DDOS pointing at the wrong location

Tiscali is another ISP that was shut down FOR DAYS by a DDOS

In a DDOS on a ISP you can't just filter or move the traffic because you have to remap EVERY SERVER ROUTE. in cloudnine's case the DDOS was on mulitple fronts, all the IP's for their Dialup Pools, their mail and FTP servers were attacked, this made it impossible for their dialup pools to even function fully at doling out IP requests for each client that dialed in

That is what happened to cloud nine, a ISP does not have the luxury that a website does to be hosted by a HUGE corporation such as Akamai that can have techs remap traffic at a moments notice, cause if the ISP just randomly remaps all their services, their users cannot access them, you are comparing a complete ISP to a simple web server..a ISP can't just block or dodge an attack
[text was edited by author 2002-02-01 21:32:55]

Question: If a storm hit and your business was without power for a day, would it be out of business?

Unlikely, unless it was already as good as dead. The article talks about "Insurance not covering a rebuild". Something else happened here besides a DDOS attack. The article also gives specific timeframes which make it appear as if the attack began and the decision to quit occurred the very same day, or the next.

My point is simple: We're not being told the whole story. "Cyber terrorism" makes a nice sympathy grabbing statement.... but it's tough to believe that a claim that says "We were DDOS'd to death".

Um hate to spoil your consipiracy theory, but if you ask cloud 9 users or read the initial reports before they shut down the DDOS lasted more then a day...once again Tiscali was also attacked and shut down for almost a week

And yes if you shut down an ISP's service for almost a week not only are you losing revenue and customers due to the sheer amount of re-imbursement you have to do for your corporate customers, but alot of the little regular users will go elsewhere also..not to mention the first wave of the attack was a brute force firewall attack which allowed the initial perpetrator to destroy most data on a webserver holding 1,000 pages...and that is the key, once they got past the firewall they most likely gathered all the address and internal info they needed...the main DDOS did not begin until they brought there servers back online after re-firewalling

Cloud 9 is not a huge ISP they didn't have reserves of cash to be spending on over time techs and PAYING to change their connections to avoid the attack...they can't just say ah well we are being attacked, switch to our back up OC/3's

Unless you have worked at an ISP you have no idea costs and problems that can be associated with a major attack

The sheer problem of your mail and ftp servers being attacked is bad, but having your modem pools and major connections attacked is another problem

And if you notice the attacked NEVER STOPPED The only reason they stopped was because Cloud 9 SEVERED all there internet connections...its as if someone was attacking your ip and you solved the problem by just unplugging your computer...the attack would still be going on..it would just not be doing anything since there was no longer a target, and most of the scripts used in DDOS attacks will shut down after a period of timeouts

But for all you know if you turned cloud 9's internet connections back on, the attack would be right where it was...still bombarding

[text was edited by author 2002-02-02 02:28:06]

said by qumahlin:

---

..not to mention the first wave of the attack was a brute force firewall attack which allowed the initial perpetrator to destroy most data on a webserver holding 1,000 pages...and that is the key, once they got past the firewall they most likely gathered all the address and internal info they needed...the main DDOS did not begin until they brought there servers back online after re-firewalling

---

AH thanks for proving my point. This wasn't a simple DDOS attack. A security problem was exploited which resulted in much data destruction and compromised information.... that was far more costly then the DDOS'ing... and I guess a good backup regime wasn't in place, either, resulting in a catastrophic loss to the business. This is more believable, now. I have yet to see any reports that any compensation was paid for service outages, they usually are exempted by contract for situations like this... and it still appears to have been a quick decision to shut down...
the DDOS attack was a straw breaking the camel's back so it appears.

ok Krk, i'm done arguing, you've obviously never worked for an ISP so you will never understand what I am talking about

As I said Tiscali lost TONS of money because a DDOS shut them down FOR A WEEK

It's the same as with the love bug virus and all those don't you ever wonder how they come up with these outrageous damage estimates of millions and billions of dollars when all love bug was, was a e-mail?

I suggest you startup an ISP or go work at one and see the effects of what a week of no service can do

And no, there is no contract exemption from MASSIVE server outages as in most servers are made to operate on the 7 9's principal preventing such outages..the decision was not quick, it took over a week to make the decision and the decision was made because EVERY time they tried to bring the servers back up they were blocked out again, so backup or not, whats the point of restoring the data when it can no longer be accessed

And on another note, in most cases a backup regime IS NOT the ISP's problem, the owner of the page is ALWAYS informed to keep their own backup, you think if your ISP accidentally destroys your personal web page they have a back up sitting around?

You say you're done arguing and then commence arguing every point...?

Ok 1) I've never seen anything saying they were down for a week. You seemed to pick that arbitrary amount of time, and then compare it to Tiscali.

Were they down for a week or more or not? You say yes, but the articles don't say that...

You will be hard pressed to get an ISP to offer refunds and mass credits for a day or even 2 days worth of outage, and never has it been said that Cloud Nine had to pay any, it's been suggested that maybe that was one of the costs, but my point is I DOUBT IT, since it's not claimed as one of the expenses, and even so, most contracts don't hold the ISP responsible for things beyond their control (like an outside DDOS attack.)

As for the back up issue---- If only User webpages were lost, and it was the user's responsibility to keep them backed up, then where is the big hit financially on the ISP? I'm betting THEIR pages and data got wiped, not just users. The word "rebuild" was used.... why? Certainly not from the DDOS. I'm betting their servers got WIPED.

A new article released today says the DDOS keep occurring over a period of several months, although it wasn't always successful in causing service outages, it caused constant problems. Being it was such a long term attack, and Cloud Nine was a small company, I see how this could really hurt financially.... Several months is certainly enough time for disgruntled users and businesses to give up and take their money elsewhere.... add to that the penetration of their local network and the mass destruction of files and that was probably it for Cloud Nine. Sucks for them.

We host our own website, and I have to tell you that a DDoS attack can wreak massive hell on just my tiny server, and, given what I had to put up with, I know that an ISP must have many other things to contend with besides simply a site. So, through inference, it's believable that a tiny ISP would have problems with a DDoS attack, because I've heard that in the UK people are actually compensated for downtime. So with plenty of users and long downtimes predicted, the execs decided that, rather than go bankrupt, they should try to get out while they could and keep the money they could without having to pay IT's and all the users hanging on. There's no telling as to how long it could take before all users' access is restored, and I think that they were just looking ahead to prevent bankruptcy.