KYC - Know your customer is a term most of us have heard when it comes to banking. What about Know your Provider.

I've been asked 100's of times over the past nearly 20 years "do DDoS companies launch attacks to drum up business?" I might have even asked the questions when I first started in the DDoS world. However, I suspect most times that the question was mostly in jest. There is a reason for the question though, people with inside knowledge of how something works in many fields are sometimes also the bad guys, we've heard about firefighters starting fires, law enforcement going rogue and spies acting as double agents.

Going back to my early days at internetMCI, before the merger with WorldCom, a group of us would sit and game out worse case attacks against our infrastructure, to make sure we were doing our best to protect our customers. Over the years conversations like this have happened many times in the office and at conferences with our peers, lamenting the likelihood of people with domain level expertise going bad. These mental exercises are the normal domain of security experts, in the physical world as well as the virtual world. You have likely heard of them expressed as Red teams/Blue teams or even as War Games. This level or preparedness is required to protect everyone when "bad things" happen.

As a network user, you have to count on us to protect you, but you also have to make sure you do your homework to know who we are, do some research into who your provider is, what have they done in the past, who do they work with, what does their professional history look like. It's a small community chances are you know someone who knows the people at the company you are choosing. We all have to stay vigilant.