Update: Credit card firm hit by DDoS attack

The attack was still under way this afternoon

Credit card processing firm Authorize.Net has been the target of an "intermittent" and "large scale" distributed denial-of-service attack since last Wednesday that has resulted in "periodic disruptions" of service for some customers.

Bellevue, Wash.-based Authorize.Net is owned by Burlington, Mass.-based Lightbridge Inc. and provides payment processing services for more than 91,000 small to medium-size e-commerce firms.

David Schwartz the company's marketing director, said Authorize.Net has been the subject of a massive DDoS attack that targeted the company's payment gateway service and resulted in periods of "brief disruptions" for customer.

The company received an extortion note a few days before the attacks began asking for a "substantial amount of money," Schwartz said. He did not elaborate on how the money was to have been delivered or whether the note came from someone inside the U.S.

"It was something that was sent to our general mailbox," Schwartz said. Law enforcement authorities, including the FBI, are now investigating, he said.

This is not the first time Authorize.Net has been the subject of such attacks, Schwartz said. "We have been attacked in the past, but not on this scale and with such tenacity," he said.

The attack has resulted in an extremely high number of calls to the company's customer support center, the company said in a statement on its Web site.

The attack is the latest example of a growing trend, said Tom Corn, a vice president at Mazu Network Inc., a Cambridge, Mass.-based vendor of DoS-mitigation technologies.

"We are seeing a big escalation of attacks involving extortion" targeted at e-commerce companies, Corn said. Such attacks have typically tended to increase during busy periods such as the upcoming holiday season or around major events such as the Super Bowl, he said.


Copyright © 2004 IDG Communications, Inc.

Shop Tech Products at Amazon