Former YouSendIt Boss Charged With DoS Attack

The former CEO of YouSendIt has been accused of launching denial-of-service (DoS) attacks against the company.

According to the Department of Justice (DOJ), YouSendIt co-founder Khalid Shaikh has been indicted by a federal grand jury in the US District Court for the Northern District of California, after being accused repeatedly of launching a DoS attack against the company.

YouSendIt is a file transfer service used for sending and receiving large files over the web. Shaikh co-created the company in 2004. He was also CEO and then CTO, until he left in the company in 2006.

A denial-of-service attack typically swamps the targeted server with more traffic than they can handle. Shaikh allegedly used the ApacheBench software program to launch the DoS attacks against YouSendIt’s servers between December 2008 and June, the DOJ said in a press release.

The DOJ said that each of the DoS attacks temporarily stopped the servers from handling legitimate network traffic and stopped YouSendIt’s customers from using the company’s services.

If convicted, it seems that Shaikh could face a possible 20-year stretch in prison and a fine of up to $1 million (£614,000).

However it seems that Shaikh is protesting his innocence after he told The Register that the allegations are untrue. “I’m very excited about being able to talk to a judge,” said Shaikh, who is 32 years old. “They spin a very good story,” he told the UK publication.

Shaikh said he and a brother co-founded YouSendIt in 2004 and ended up leaving the company following differences with the company’s investors and remaining executives.

The court arraignment is scheduled for 3 December.

Meanwhile, data security specialist Imperva said that this case is interesting for several reasons, most notably that the former CEO of the company used a regular application to launch his attacks.

“The fact that the former CEO allegedly used ApacheBench to launch his attack on the YouSendIt servers brings up the issue of what companies can do to stop their former employees – especially staff in a senior position – from attacking their IT resource,” said Brian Contos, Imperva’s chief security strategist.

“The answer, of course, is quite a lot, as whenever a member of staff leaves, their ID and passwords should be locked out of the system, and all supervisory passwords to which they had access to should also be changed,” he added.

According to Contos, although well-executed DoS attacks are difficult to plan ahead for, the use of multiple IP connections can go a long away to reducing their effects.

However, he went on to say, in this case, it’s almost certain that the guy used his inside knowledge of the company’s IT architecture to allow a relatively simple DoS attack to cause problems.

And, Contos explained, the fact that it was a technically simple attack is almost certainly the reason why the FBI were able to quickly track down the alleged perpetrator of the ApacheWeb-generated IP sessions.

“Organisations whose staff leave the company under a cloud, as appears to have happened with this man, should always take simple security precautions against that employee causing IT-related problems,” he said.