DDoS attacks knock Feedly offline for second day running

RSS service restored after four hours offline as extortion scheme continues

RSS aggregator Feedly today went dark for the second time in two days as another wave of distributed-denial-of service (DDoS) attacks knocked it offline.

At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it had again been targeted by cyber criminals, who seem bent on crippling the RSS provider.

"The ops team has reviewed the attacks and is working on building a second line of defense to neutralize this second attack," said company officials, including Edwin Khodabakchian, Feedly CEO, in a brief status update on the firm's blog.

After a four-hour outage, Feedly was restored at 2:30 p.m. ET, 11:30 a.m. PT.

On Wednesday, Feedly was offline for about 13 hours after a DDoS attack kicked off overnight.

"The second line of defense is up and wave #2 has been neutralized," the company said today.

Yesterday, Feedly said that the attackers had demanded payment to stop their DDoS assault. Feedly rejected the blackmail attempt. "We refused to give in," said Khodabakchian.

It's not unusual for sophisticated DDoS attackers to swamp servers as part of an extortion plot, even though many attacks are politically or ideologically motivated, and no demands are made. The high-profile attack against Feedly -- which assumed the most-popular RSS aggregator mantle after Google pulled the plug last year on Google Reader -- may tip more criminals toward a ransom strategy.

"Although Feedly came out and said they wouldn't pay, we will likely see an increase in this type of behavior and incentivize more attackers to launch DDoS attacks that have ransom demands attached to them," argued Fred Kost, vice president of security solutions at Ixia, a California vendor that sells network testing, monitoring, optimization and security products.

"These criminals are determined to try to extort some money and we are determined to say no to extortion and focus on building a stronger Feedly instead," the firm pledged today.

Third-party RSS applications, which use Feedly as either their only feed source or one of several, were also unable to collect updates from Feedly during the two outages.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Tags Cybercrime and HackingFeedlyinternetMalware and Vulnerabilities

More about AppleFredGoogleIxiaMicrosoftTopic

Comments

Comments are now closed

Antique equipment dents IPv6 reliability

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
CIO
ARN
Techworld
CMO