Battery Sites Suffer Attacks

Thursday, August 25, 2011 @ 02:08 PM gHale

Battery retail web sites suffered denial of service attacks last year that ended up costing over $600,000 and the FBI is now investigating.

The attacks were traced to Russian domains, but they look more like corporate sabotage, officials said.

The October 2010 distributed denial-of-service (DDoS) attacks on Batteriesplus.com and Batteries4less.com also targeted other battery-related Web sites and have hit a “wide range” of United States-based businesses, according to an FBI analysis of attack logs provided to the agency. The other targets were not immediately available.

Although the attackers appear to have links to Russia, it is likely that a U.S. competitor who wanted to hurt the victims financially by interfering with sales paid for the venture, said Batteries4less.com Chief Executive Coryon Redd.

“We speculated at the time that it might be a competitor because we are in a very competitive online market. We specialize in cell phone batteries, but there are many companies of similar size to ours that are out there,” Redd said. “None of the (rivals) are going to be in Russia. There’s a growing trend for criminals in Russia to offer services such as being able to take down a Web site. The competitor is going to be U.S.-based and contracting out with a bad guy in Russia.”

The Batteries4less.com site was down sporadically over a period of three days to a week, causing about $50,000 in lost sales and expenses incurred to defend against the attack, Redd said.

“It’s very unusual for an e-commerce site to be affected in this way” by a DDoS attack designed for sabotage, he said. Typically, DDoS attacks are politically motivated — against a government site, for instance — or conducted by online activists who want to send a message.

The two botnets, called “Black Energy,” controlled by command-and-control servers at the Russian domains, were still attacking U.S. sites as of May 2, 2011, according to the FBI affidavit sworn by Agent Richard Bilson.
