Former CEO is indicted for alleged DDoS attack

The FBI said Shaikh was involved in four distributed denial of service (DDoS) attacks against the, which he help to found, and so crippled the content delivery company's servers.

According to the FBI, Shaikh was one of YouSendIt's founders when the company was established in 2004 and served as the company's CEO until August 2005. He then acted as the firm's chief technology officer until he left the company in November 2006.

Brian Contos, chief security strategist with Imperva, the data security specialist, said that the FBI case is interesting for several reasons, most notably that the former CEO of used a regular application to launch his DDoS attacks.

"The fact that the former CEO allegedly used ApacheBench to launch his attack on the YouSendIt servers brings up the issue of what companies can do to stop their former employees - especially staff in a senior position - from attacking their IT resource", he said.

"The answer, of course, is quite a lot, as whenever a member of staff leaves, their ID and passwords should be locked out of the system, and all supervisory passwords to which they had access to should also be changed", he added.

According to Contos, although well-executed DDoS attacks are difficult to plan ahead for, the use of multiple IP connections can go a long away to reducing their effects.

However, he went on to say, in this case, it's almost certain that the man used his inside knowledge of's IT architecture to allow a relatively simple DDoS attack to cause problems.

And, Contos said, the fact that it was a technically simple DDoS attack is almost certainly the reason why the FBI were able to quickly track down the alleged perpetrator of the ApacheWeb-generated IP sessions.

"Organisations whose staff leave the company under a cloud, as appears to have happened with this man, should always take simple security precautions against that employee causing IT-related problems", he said.

"These simple precautions can go a long way to preventing a former employee from staging a malicious attack on their previous employer's computer systems. Increasing reliance on IT means that firms should place increased emphasis on their internal security systems", he added.

What’s hot on Infosecurity Magazine?