“A year or so ago we suffered from a website attack. A £10,000 bounty was put on this to help us catch them. This resulted in two raids by the Police in North London, confiscation of significant amount of computer equipment for a year and an immediate seizure of the attacks after the bounty was put up. Not only that, but the ATTACK-BUSTERS got a very nice pay out,” Aria stated.
Aria, consider us fans of yours! We’ll follow you progress and post updates as they become available.
Meanwhile SCMagazineUK offers interesting perspectives from the InfoSec industry, which appears to be supportive with albeit some reservations among a few.
At HiveWind we’re among the supporters of Aria’s approach, for several reasons:
- They have in the past, successfully led to arrests and seizures.
- Their business model appears to have tolerance for some levels of risks and disruptions, whereby faithful customers are prepared to “wait-out” attacks, and phone-based handling will help them close some sales during attacks.
- Aria shows other e-tailers that they don’t necessarily have to cave-in to pressures, while incentivizing them to explore their own tolerance levels for risks and disruptions.
- Full disclosure of an extortion ploy is a solid way to garner support from loyal customers, as evidenced by their Forum Threads.
- Fighting back makes for great publicity, generating in-links, higher SEO ranking, traffic, and ultimately more sales. It would be interesting to compare the ROI of a £15,000 (~$23,000) spend in Google AdWords, compared to a bounty-payout. Keeping in mind that all this traffic gets generated regardless of whether the perpetrators get caught. And one can imagine an additional surge in traffic once the perps do get caught. According to Google’s Keyword Planner , the average Cost Per Click (CPC) for PC Hardware related terms hovers around $3.00 per click. With a $23,000 budget, this could generate close to 8,000 clicks. We would surmise that Aria have likely already received well over 8,000 page views from existing press coverage in the UK alone — This audience is likely to be InfoSec-minded and as such, likely to become customers. If they were an e-tailer selling shoes, then the traffic and publicity would be likely be of far lower short-term business value to them. The longer-term business value of higher search engine ranking from increased in-links volume, would likely still stand.