Feedly refuses to pay DDoS ransom

RSS news aggregator Feedly was offline overnight Tuesday and for most of Wednesday after a distributed denial of service attack (DDoS) which saw hackers demand a ransom for the service to be brought back online.

Feedly refuses to pay DDoS ransom
Feedly refuses to pay DDoS ransom

Following shortly after a similar DDoS attack struck note-taking service Evernote, Feedly confirmed that it had been hit by an attack on Tuesday night (at 22:25 GMT), which continued on through to Wednesday afternoon. The incident has impacted users' ability to read the latest updates from their favourite websites.

Feedly has been a popular RSS reader since its launch in 2008, and saw an increase of 500,000 new users just 48 hours after Google closed its rival Reader service in March 2013. The company has a reported user base of more than 12 million, according to figures released in May of last year.

But such popularity has come at a price and on Wednesday morning the San Francisco-based firm confirmed that cyber-criminals had launched a DDoS attack on the site, and were demanding a ransom to reinstate the service.

“We refused to give in and are working with our network providers to mitigate the attack as best as we can,” explained Edwin Khodabakchian, founder and CEO of Feedly in a blog post

“We want to apologise for the inconvenience. Please know that your data is safe and you will be able to re-access your Feedly as soon as the attack is neutralised.”

At the time of writing, the feedly.com website was still down with visitors greeted by error messages including ‘408 Request Timeout' and ‘Error 502 Timeout'. On the latter, the website advises users that while there are no issues with their browser or the website's Cloudflare content delivery network, the web server cannot complete the IP request and connect to the host domain.

The company's last message on Twitter, posted at approximately 14:00 GMT, read: “DDoS update: We are still working to restore service. Thanks for bearing with us. More info on the blog”

In an interview with SCMagazineUK.com, BH Consulting founder and consultant Brian Honan explained that Feedly would be spending the time investigating the attack and may even block suspicious IP address/ranges.

“Feedly and their service providers will be trying to identify the source of the attacks and how to mitigate them. Depending on the type of attack they are suffering this may involve blocking access from certain IP addresses or IP ranges, which can be a time consuming exercise as they try to identify legitimate traffic from attack traffic.

“Alternatively they could be looking to see how they can increase their capacity in order to ride out the attack. However, most probably they are working with their providers to implement some DDoS protection systems which will mitigate the attacks.”

While the mitigation measures continue, others in the industry have been impressed with Feedly's transparency on the attack and its nerve in rejecting the attackers' ransom demands.

Graham Cluley, an independent security researcher formerly of Sophos, believes that paying the ransom could have had a bigger knock-on effect.

“I must admit I admire Feedly's attitude. It's right not to give in to the blackmailers who are essentially running an extortion racket, demanding that the cloud service pay up or be taken offline with their DDoS attack,” wrote Cluley on a blog post.

“The danger of paying DDoS blackmailers is that you're only encouraging them to attack you more, perhaps increasing their financial demands next time.”