About two years ago, I witnessed an Anonymous operation unfold, in which a commercial company was targeted. The threat, in the form of a solemn YouTube production, was of course taken very seriously. The entire hosting infrastructure was upgraded, various security solutions were put in place, and an all-hands-on-deck policy was implemented.

What followed were two very anti-climactic 1Gbps blips, each just a minute long. And then calm. Afterwards, everything was back to normal.

It seems the narrative of these threatened DDoS attacks (such as OpUSA, OpIsrael) mostly go like this: the threat, subsequent frenzy and expenditure to protect against the attack, and finally the low impact of the actual attack. Still, organizations take these attack threats seriously, shuffling priorities and changing focus to meet the threat. No one wants to be the one to have ignored the threat, and thus be blamed for a humiliating and expected…