June 2014 – Electronic Extortion and the Neighborhood Cyber-watch


2014 ACE Events
IAITAM 2014 Fall ACE update:

REGISTER NOW for the IAITAM 2014 Fall ACE through July 31st and receive FREE Individual Membership for 1 year – call +1.330.628.3012 for full details.

Registration is underway for the IAITAM 2014 Fall ACE at Kalahari Resorts in Sandusky, Ohio, USA.  The theme for the event is “Tame your ITAM Jungle,” and from what we’ve heard the past months, it is a jungle out there.  Between balancing the needs of the organization, fitting the program into organizational goals, and the overwhelming issues of license compliance and mobility, the IAITAM ACE puts you together with industry experts and peers who have cut a path through a similar ITAM jungle.

For questions or additional information on this or any IAITAM ACE event, reach out to your IAITAM Member Service representative today at info@iaitam.org or call +1.330.628.3012.

Also – consider free entrance to the ACE.  Have you considered speaking at the ACE?  How is your ITAM program doing?  What have been the highlights or the stumbling blocks from your program implementation that other practitioners might find useful?  Consider discussing your ideas with IAITAM by first completing a Speaker proposal, or give IAITAM a call to discuss your thoughts with one of our in-house experts.

Watch the IAITAM website for Spring 2015 ACE news in San Diego as well!
Member IMUGs
The IAITAM ACE IMUG session will be held for all those in attendance in Sandusky at the Fall ACE and not broadcast live.  Leading up to the Fall ACE though, join all your fellow IAITAM Members for the following events and speakers:

Go to the IAITAM website to listen to previous months’ recordings at this webpage (you must first log into the site with your Member ID): Strategic Information for IT Asset Managers

July:

Futures & Trends (2nd Tuesday): Paul Baum/Marie Molina – PlanITROI, “Disposition Legislation and the MAR Program”

Building & Expanding (3rd Tuesday): Sherry Irwin – TAM, “Invoice Reconciliation”

Automation (4th Tuesday): IAITAM Interactive Workshop – Mobile

IAITAM Members can register for one or all and participate in none or all monthly.  For questions or to suggest a speaker or topic for the IMUGs, please email imug@iaitam.org.
IMUG Monthly Article: Electronic Extortion and the Neighborhood Cyber-watch – DDoS, CloudFlare, Feed.ly, and Evernote
On June 11th, 2014, the websites Feed.ly and Evernote both came under attack from a common cybercrime tactic known as a DDoS, or Distributed Denial of Service.  This happens when a company’s servers are overloaded with requests from a massive wave of users all trying to connect to the server at once.  It can be difficult to defend against, since the only surefire safeguard is to increase server capacity beyond the capabilities of the DDoS attack itself.  This is not easily accomplished, since increasing server space and traffic handling capabilities can be very expensive.
To make matters worse, the criminals were trying to extort the websites under attack by stating that they would lift the DDoS assault if the ransom was paid.  The speculation is that the bot network used to execute the attack was hired from another cybercriminal who originally controlled the botnet.  These “hirelings” are then sent out to perform the attack while another criminal attempts to extort money from the victim to call it off.
The criminals appeared to be relentless, as wave after wave of the DDoS onslaught bombarded the servers of Feed.ly and Evernote.  Three waves in total all attempted to extort money from the companies, with each attack becoming more and more distressing.  Why Feed.ly?  Feed.ly had just recently launched a premium option for their services.  While still fully capable of populating an RSS feed with the free version, the premium version added some nice benefits for power users and business class clients.  It is assumed that this is the money the criminals were after.
In response to these attacks, Feed.ly made it known that they were working with a DDoS mitigation company known as CloudFlare.  CloudFlare is a content delivery network that improves website performance and security.  And it’s free…to a point.  Operating off of a “freemium” model, CloudFlare has a free option that provides baseline network security for handling information requests but also offers different levels of protection beyond the free option for a subscription-based fee.
Utilizing their own developer operations along with CloudFlare support, Feed.ly and Evernote were able to survive three distinct waves of DDoS onslaughts all the while never giving in to the extortion schemes of the attackers.
The moral of this story is that it seems that internet crime has evolved into a joint effort between criminals.  A botnet controller, who is a criminal, sold his services to an extortionist, also a criminal, to try and extort money and share in the profits.  This is very reminiscent of more classic organized crime where shopkeepers would pay the criminals a “security deposit” to ensure their store wasn’t damaged by the criminals they were paying.
Regardless, this will not be an isolated incident.  Companies such as CloudFlare and others have stepped up and freely offered their services and helped create an internet neighborhood watch of sorts.  After all, an ounce of prevention is worth a pound of cure.

This Month’s Featured Sponsors: 

Tabernus: Tabernus is a global provider of certified data erasure software, hardware, and service solutions that completely remove all data from hard drive storage devices. Since 2002, Tabernus has provided solutions for storage in the form of software and hardware solutions for hard drive data erasure and testing. Asset managers can benefit from Tabernus’ data erasure solutions that exceed regulatory and compliance legislation and ensure end of life data security. With an emphasis on enterprise level data erasure delivered onsite in the office or in the data center, Tabernus solutions offer great value (ROI) and expertise to the end of life data removal process for end users and service providers alike. Tabernus has set the benchmark for software and hardware development focused on end of life data elimination.  http://www.tabernus.com/

Open iT, Inc.: OpeniT helps you succeed in your efforts to manage global IT assets. OpeniT offers best of breed metering and optimization software so you can stay compliant and make sure every new purchase is justified by actual company needs. Visibility into usage profiles of your IT users across the enterprise will also make sure you support the users better with the technology and training they need to get their job done. OpeniT provides dashboards with trends in usage from the enterprise level down to the individual user groups to help you work together with business leaders – to produce more value for your company for less cost.  http://www.openit.com/

Dynamic Recycling: Dynamic Recycling is a full service IT asset disposition, electronics recycling, and data security corporation with locations in La Crosse, WI and Nashville, TN. Since 2007, Dynamic Recycling has been an industry leader in fully accommodating various corporate, healthcare, and financial organizations’ needs for IT asset remarketing, recycling, and data security (on-site or in-house). Our ability to manage the recycling and remarketing of IT equipment and electronic material in-house further allows us to provide value added services to our customers, specifically those looking to increase their profitability and decrease their current IT asset disposition costs in the short and long term. Additionally, Dynamic Recycling takes great pride in being able to offer each of our customers one of the best customer service experiences known throughout the industry. We are here to support our customers’ best interests and custom tailor our full service approach around their specific needs.  http://www.dynamicrecycling.com


The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.