When Max Niebylski was 10 years old, like most kids, he spent his free time playing the popular video game Minecraft. Unlike most kids, he and his friends would take turns coordinating cyberattacks to take down each other’s servers for fun.
Niebylski came to realize that those same attacks in Minecraft, once child’s play, were also costly security threats businesses face every day. He even suffered the effects firsthand after an app he launched in college fell victim to an attack technique known as Distributed Denial of Service (DDoS) that costs as little as $5 to carry out and has existed for over 20 years, plaguing the likes of Sony, Microsoft and Amazon.
But Niebylski’s decentralized solution to the problem, which attracted over $20 million through its Gladius initial coin offering last fall, was so personally exciting, it prompted the then-19-year-old to drop out of the University of Maryland to pursue his project full-time.
Unlike some crypto ventures that lack any real fundamental reason for tokens or decentralization, Gladius is unique in that decentralization is very much at the heart of why the project has caught the attention of people familiar with these attacks known as DDoS. Mainly, it lets everyday internet users “rent” out their unused bandwidth to make money on the side. If it sounds like another crowdsourcing startup or dare we say, “Uber for bandwidth,” it’s because it is.
“You’re at work for eight hours a day, you’re asleep for another eight hours a day, that’s 16 hours you’re not using your home internet connection,” he said on Yahoo Finance’s Morning Meeting. “So it makes sense to kind of you know, sell that in a sense or rent it out to a website that needs it.”
Fighting decentralization with decentralization
First, it’s important to appreciate what businesses are up against. In DDoS attacks, a cybercriminal sends an overwhelming amount of traffic to a specific IP address to take a site or a server offline. In the early days of the internet, a simple example would have included having friends from various computers refresh the same site at the same time until it crashed. Today, operatives would more simply use a “botnet,” or network of computers or internet-enabled devices, to carry out an attack by sending an overload of traffic to a specific site.
Yet, for as simple as they seem, DDoS attacks can be an expensive threat for businesses that have fallen victim to one. According to a Kaspersky Lab survey, the cost of responding to a DDoS attack for enterprises jumped from $1.6 million in 2016 to $2.3 million in 2017. That number grows if you account for lost revenue as a result of a company’s site being down.
The real problem, however, lies in the fact that the cost of launching an attack is overwhelmingly lower. For about $20, a cybercriminal could buy a botnet with enough firepower to take a site down for an hour, according to Kaspersky Lab.
Niebylski hopes Gladius can help mitigate that price discrepancy by instead leveraging people’s unused bandwidth. Thus, a company experiencing an attack would be able to “offload” incoming traffic and users or enterprises renting their spare bandwidth to the cause would earn cryptocurrency in the form of Gladius tokens as repayment. From what Niebylski’s seen from users downloading the Gladius software on their systems through the company’s beta, he says individuals could earn anywhere from $2 worth of Gladius tokens, at current market value, a month to over $100 worth of Gladius tokens, depending on demand as the project grows.
“As we roll out and have more websites on board, our goal is to have users offset their entire internet bill,” he said, adding that getting started with Gladius was built with his less tech-savvy parents in mind. The ease of downloading the software and installing it on a computer was purposely built to avoid alienating non-technical users.
It’s ‘an entry-level solution’
There are, however, concerns that users might want to consider before playing a role in alleviating a DDoS attack, according to Colorado State computer science professor Christos Papadopoulos, who has also worked with the Department of Homeland Security on DDoS mitigation techniques.
“For starters, you might make your internet service providers, like Comcast, very angry,” he said. “If you participate enough, you might also make yourself a target for an attack yourself by revealing your IP address to a potential attacker.”
He also points out that the mitigation techniques aren’t all that dissimilar from what’s offered by Amazon Web Services or cloud protection companies like Cloudflare, but concedes the ability for normal internet consumers to profit in the space is novel.
“What this company is doing is essentially a crowdsourced approach, sourcing IP addresses from various other people,” Papadopoulos said. “It’s an entry-level solution. For smaller companies that might want DDoS protection it might work if they can tolerate variable amounts of delay… but I find it hard to believe that this project can offer any performance guarantees.”
Gladius has taken at least initial steps to address some of those concerns. For starters, the company bolstered its ranks with two tech executives, one from Goldman Sachs, the other from Incapsula Imperva, a leading DDoS mitigation provider. The Washington D.C.-based team of 14 employees also announced a partnership in August with Andreessen Horowitz-backed cloud company DigitalOcean, which hosts millions of web apps and sites on its servers, to leverage network speed and integrate its security software.
Zack Guzman is a senior writer and on-air reporter covering entrepreneurship, startups, and breaking news at Yahoo Finance. Follow him on Twitter @zGuz.