What Happens When Hackers Hijack Your Website and Demand a $300 Ransom?

The Citizen's Guide to the Future
March 10 2014 9:06 AM

Aggressive Hackers Brought Meetup Down. Here's How It Came Back.

Meetup's website was down intermittently for about four days while their servers were bombarded with DDoS attacks.

Photo from Meetup.

Last weekend, the event coordination site Meetup was down. If you've ever seen the part in The Social Network where fictionalized Mark Zuckerberg says, "We don't crash ever! If the servers are down for even a day, our entire reputation is irreversibly destroyed," you know how dramatic this stuff can be. It took Meetup from Feb. 27 to March 3 to completely restore service stability. So what happened?

Lily Hay Newman Lily Hay Newman

Lily Hay Newman is lead blogger for Future Tense.

Meetup was hit with a distributed denial-of-service attack (DDoS), in which an attacker uses a virus to take over a number of computers, then uses those comuters to send an extremely high volume of packets to a server until its switches are too overwhelmed to process actual user traffic. DDoS attacks are a classic and common hack but have gotten much more severe in recent months. Jag Bains, the chief technology officer at the security firm DOSarrest, told Reuters, "It's really a game of cat and mouse. I'd like to say we are ahead, but I just don't think it's true."


On Thursday, Feb. 27, Meetup began experiencing a DDoS attack, and Meetup's CEO, Scott Heiferman, received an email attempting to extort $300 from the company to stop it. Meetup was reluctant to negotiate with criminals, but the amount the hacker was asking for was also so small as to be suspcious. The team was concerned that if the company paid the money, it would be further exploited and would also send the signal that such a ransom demand could work on other companies. 

"When someone steals a credit card, the first thing they do is try a four- or five-dollar charge and see if that goes through," says Brendan McGovern, Meetup's CFO and co-founder. "Once they’re successful there, they know that they have an open pipe, and that’s when they hit you for a few thousand dollars. So we decided early on to not engage at all, to not respond, and not pay. And, in the long term, that served us. If everyone is not paying, and these types of attacks are just not successful, then perhaps they’ll stop."

Meetup's CTO Gary Burns says that the most important lesson was that companies should foster close connections with their Internet service provider because the attacks can't really be controlled without the ISP's help. On a day-to-day basis, Meetup has been able to deal with unusual traffic by doing things like blocking IP addresses that generate heavy traffic or setting up firewalls. But in this case the amount of traffic was too overwhelming.

"The traffic that was sent to us was large enough that it started to be a problem for the ISP, the level above us," Burns says. "So there wasn't a lot we could do to try and mitigate the attack because it wasn't within our control. What's really important is the relationship you have with your ISP and the flexibility you have there." Meetup is also ensuring that all of its systems and partners' systems are fully upgraded and patched to reduce network vulnerabilites. But Burns warns that patching weaknesses needs to be an Internet-wide effort to truly be effective.

McGovern says that Meetup's losses will be in the hundreds of thousands of dollars, between extending all organizer subscriptions by seven days (subscriptions are about $15 per month), losing out on new subscription sales while the site was down, and spending money to mitigate the attacks.

"It’s significant but, and I’m actually authentically being serious about this, it paled in comparison to the amount of pain that was suffered by the Meetup members and organizers in the community. We’ll take a big hit financially, but to see all the people who had a really rough four or five days while they were relying on us is a much more painful number." Humanity emerges in times of crisis.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.



More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.


Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
Sept. 16 2014 4:16 PM The iPhone 6 Marks a Fresh Chance for Wireless Carriers to Kill Your Unlimited Data
The Eye
Sept. 16 2014 12:20 PM These Outdoor Cat Shelters Have More Style Than the Average Home
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Medical Examiner
Sept. 16 2014 11:46 PM The Scariest Campfire Story More horrifying than bears, snakes, or hook-handed killers.
Sports Nut
Sept. 15 2014 9:05 PM Giving Up on Goodell How the NFL lost the trust of its most loyal reporters.