Two Possible Reasons For The Ellie Mae DDoS Attack

BLOG VIEW: In case you didn't hear, loan origination system provider Ellie Mae's network went down for more than 24 hours starting on March 31 and into April 1, leaving its customers with no way to close, let alone process, mortgage loans.

In a release, company officials said the likely cause of the network outage was a distributed denial of service (DDoS) attack, in which hackers (or, more typically, their automated ‘botnets’) inundate host servers with a constant barrage of external communications requests, slowing or completely stalling a Web-based service and rendering it useless (or nearly useless).

But this was no April Fool's joke. In the case of DDoS attacks on business services, there are usually two main purposes for the attack. Very often, these attacks are perpetrated by a hacker (or hackers) hired by one of the company's competitors to carry out the attack. Usually, the goal is to make the victim company's network appear vulnerable, thus eroding customer confidence in its security. This, in turn, can result in some customers seeking out the services of a competitor who claims to have a more secure system (or at least no public record of past attacks).

As you might imagine, this strategy doesn't work that well in market segments where there are a lot of competitors – but in ones where there are only a handful of players, such as the loan origination system market, it might be possible for a close competitor to severely damage another's reputation and steal away a significant number of customers. Think about how many Target customers Wal-Mart scooped up in recent months due to Target's security breach.

Sometimes, however, the purpose of such attacks is to create a distraction so that the hackers can simultaneously attack other systems – the so-called ‘multi-vector’ approach. Very often they're also looking to hack into a secure database for the purpose of extracting sensitive customer data. The DDoS attack serves as a ‘smokescreen’: while the victim company's technical resources are working on the problem, the hackers hope that the company's staff have let down their guard, thus compromising the security of other systems. If a company's internal tech support team is ‘bare bones,’ it might have to throw all of its resources at the DDoS issue, potentially leaving other systems vulnerable. For example, tech support staff might not be aware that a security alert was triggered for a separate system.

(It should be noted that Ellie Mae, in its release, said there was no evidence of any data breach and confirmed that client data and personal borrower data remain secure.)

There are a host (pun intended) of other potential reasons why such attacks are carried out – for example, from what I understand, employee revenge is also a big one – and recent reports indicate that DDoS attacks have been on the rise lately. I'm certainly not an expert on network security or why such attacks are carried out. What I do know is that it is less likely for such attacks to be carried out for ‘mischief and mayhem’ – which is why everyone in the mortgage industry should be asking, ‘Why was Ellie Mae singled out on this one?’

