If you think small businesses aren’t targeted by Internet attacks, think again. Unscrupulous competitors can have your website taken offline for just a few hundred dollars.

Jersey Joe is a family-run business in New Jersey which sells sports apparel online. Last year they were hit by an Internet attack which disrupted their business for days, costing them hundreds of thousands of dollars in lost sales.

The culprit turned out to be 18-year-old Jason Arabo, who ran a competing sports jersey business from his home. He wanted to disrupt his competitors, so he got a friend of a friend, 17-year-old high school student Jasmine Singh, to deploy a “bot network”—a network of hacked computers which he could control—to launch an attack on Jersey Joe and another online shirt company, Distant Replays in Atlanta.

Singh was paid three pairs of sneakers and a watch.

Investigators have found “bot networks for hire” in the hacker underground for as little as $500.

Arabo was caught after an FBI sting, and was sentenced to 30 months jail. However most online attacks are never investigated and prosecutions are rare.

Lessons for small business

  • If you’re doing business online, be prepared to respond to attacks to minimise the damage. At the very least, set up clear lines of communication so you can escalate problems to your Internet providers quickly.
  • Make sure your own computers are properly protected so they don’t become part of an attacker’s bot network. Use anti-virus and other defensive software, and train your staff so they don’t install malicious software by accident. Review these defences regularly.

Further reading