Having A Wild Weekend: PECash Withstands DDoS Attack

PECash's online network of stores withstood a suffocating distributed denial of service attack which began September 10 and endured until the site's account administrator announced September 13 that they were 100 percent restored.

KenC said PECash battled to raise server performance and bandwidth through September 11 to no avail, until they reached a deal with what he called only "the best DDoS protection service available," though it took the network another 24-48 hours to get the service implemented and "propagate the DNS that brings all our relocated stores back online."

PECash is still monitoring its network closely, just in case.

"We are back online, we're still struggling with DNS propagation issues, some of this stuff takes time for the whole Net to catch up," said PECash chief technology officer Don Buckley to AVNOnline.com September 13. "We had to change a lot of IP addresses, the whole hosting service for our site is virtually pointed to a third party and that cleans the traffic for us."

Buckley said PECash has no idea yet who was responsible for the attacks, though the company has been in touch with FBI bureaus in its home state of Ohio and in California. The only thing he seemed convinced about in that regard was that the attackers probably were not also from the adult Internet industry.

"PECash is owned out of Cleveland; we've been in the adult business for about forty years," he said. "I do not believe this is a competitor attacking us."

Buckley also said, when asked, that it was probably coincidental for the attacks to have begun around the anniversary of the 9/11 atrocities of three years ago. "As I was filling out [applications] and dating them Sept 11, it did make me wonder. But I don't know. It's probably just coincidental, and the FBI hasn't really linked those two issues together," he said.

What he does know, he said, is that PECash received an extortion letter – but of a curious variety: the sender presented himself as a kind of good Samaritan, telling the recipient he knew of a pending DDoS attack and offering to help the company prevent it for a payment. "The nature of the original extortion letter was very elusive," he said. "They didn't come right out and say, 'give us money or we'll attack you.' The letter said he has knowledge about a DoS attack against you and, although he's not attacking, he can stop it. He presented himself as a good Samaritan who could assist us for a reward."

"All they asked for was $2,000," Buckley said. "The fix was considerably more expensive. I think if they attack 20 Websites and get five to pay, they make ten grand. But this attack has been ruthless. It's been extremely high volume. Even the experts were surprised at how high the volume was."

Needless to say, PECash paid the letter writer not one cent.

"The FBI and the experts on DDoS attacks will tell you that the attackers select a range of Websites, threaten an attack with an extortion letter for a couple of thousand dollars, and then they will launch their attacks," Buckley said. "It's just a method to use you as an ATM machine. Some people will pay, some people won't, and next week maybe there's another target."

Such attackers, he said, will pick on an adult Website or Web portal for the same reason they might attack online casinos. "They know an adult site has cash flow," he said. "I think they care little about the repercussions."

Late in August, the federal government announced early results of its so-called Operation Web Snare, results that included the chief executive of Orbit Communications facing serious criminal charges in an apparent plot involving himself and a partner hiring hackers in three other states to attack a competitor Website. Buckley admitted that the "hackers for hire" idea crossed his mind briefly when the PECash attacks began.

"But I think this is more like a new business model," he said. "Threaten attack, extort as many as you can for cash, move on to more Websites next weekend. I only hope it's over in a week's time. It's already lasted three days and that's longer than anyone thought it would last."

The attacks are continuing against PECash's original servers, but Buckley said the company moved everything over to a new server hosting company, enabling PECash to get back into business September 13 despite the continuing attacks. "This is a pretty sure-fire solution," he said, while adding that the new hosting company did not want to be identified publicly for the time being.

"The contract with this company protects us for one year, but I have no intention of terminating the contract after a year," he continued. "They give us peace of mind so we can sleep at night. We're not the only adult site who's their client. They have several adult sites and casinos who they protect."

But in another sense, Buckley said, that move may be seen by some as too little, too late. "Several affiliates complained we didn't notify them fast enough as to the problem we had," he said, "and they were alarmed we were offline for 24-48 hours. Time is money. And we know that. But the security professionals in this type of industry all recommend you keep your mouth shut until the problem is fixed. They don't want you to antagonize the attacker in any way."

Especially if you get a followup message, as Buckley said PECash received September 13. "[They] still see the attack as ongoing," he said, referring to that letter without offering details. "They're just looking at their bot-net and see it still pointed at us."

"Even the e-mail message I got from the extortionist today still sees the attack as ongoing. They're just looking at their botnet and see it still pointed at us…. The good news is that our agreement with the DDoS protection service keeps us protected from DDoS attacks in the future. In fact, we are so impressed with the service and their technicians that we would not consider doing business without them from this point forward."

In a message posted to a few adult Webmaster message boards, KenC thanked PECash affiliates who know and trust the company and understood such an outage was "very uncharacteristic of our service, history, and company philosophies." He also apologized to affiliates "for not notifying you sooner.

"The recovery from this attack has been all consuming and without going into great detail, there were security reasons we could not announce this sooner," he continued. "Most companies would not even admit to having experienced a DDoS attack, even after it has been brought under control, but we know we owe you an explanation. To those who think they can find better service elsewhere, all I can say is when a DDoS attack hits, no one is safe. To our competitors, all I can say is, when it happens to you, give me a call and I'll tell you what your options are to minimize the impact."