2 Min Read
TORONTO, March 3 (Reuters) - Social networking website Meetup.com is fighting a sustained battle against cyber attackers who are demanding only $300 to call off a campaign that has kept the site offline for much of the past four days.
The site, which enables strangers to meet for activities of shared interest such as sports and other hobbies, could not be accessed early Monday afternoon.
A Meetup blog said that the company was a victim of a distributed denial of service (DDOS) campaign, a type of attack that knocks websites offline by overwhelming them with incoming traffic. It said that no personal data, including credit card information, had been accessed.
Meetup's co-founder and CEO, Scott Heiferman, said on the company's blog that it was the first such attack in the site's 12-year history. He defended the move not to pay the paltry ransom.
"We made a decision not to negotiate with criminals," he said. "Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spread in the criminal world."
He said the small amount was likely a trick and that the perpetrators of the sophisticated attacks would likely demand more, a point internet security analyst Kevin Johnson agreed with.
Meetup represents a soft target for online criminals, who often attempt to extort companies in return for calling off DDOS attacks, said Johnson, chief executive of cybersecurity consultancy Secure Ideas.
"It's very common for this sort of attack to start off with a small demand," Johnson said. "It's not like Meetup can write a cheque for a million dollars."
Heiferman's blog post said the site should be able to protect itself over time, even though it has struggled to stay online since the attacks began on Thursday morning. He said Meetup spent millions of dollars a year to secure its systems.
The Meetup site and related mobile apps have been intermittently unavailable since Thursday.
The privately-held, New York-based site counts eBay among its investors.