Cyber Security Institute

Friday, May 01, 2009

Experts Chart Spike in Cyber Sieges

Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption.  These “distributed denial of service” or DDoS attacks use robot networks or “botnets”—many hundreds or thousands of compromised PCs—to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors.  While DDoS attacks have been a common threat since the dawn of the commercial Internet, DDoS watchers, such as Arbor Networks, have tracked a recent spike in the number, sophistication and size of attacks against major Internet providers.  Attackers also appear to be picking bigger targets.

“We’ve certainly seen in the last 120 days an uptick in critical infrastructure impacting attacks,” said Danny McPherson, Arbor’s chief security officer.

Paul Lappas, vice president of engineering for GoGrid, said the attack came from thousands of servers around the Web, and targeted every last one of his company’s Internet addresses.

On April 1, attackers struck, a Web hosting provider that also is one of the Internet’s largest domain name registrars.  The attack came in fits and starts, and disrupted service intermittently for millions of customers for several days.

On April 6 and 7, The Planet, the world’s largest privately held dedicated Web hosting provider, which serves more than 15 million Web sites, was hit by what the Houston-based company called a “massive” DDoS attack.

That same week, a concerted DDoS attack struck Telefonica in Brazil, an Internet service provider that provides Web connectivity to more than 2.1 million Brazilians.

In most cases, the attacks go unnoticed, either because the target pays the ransom or quickly hires companies that specialize in fending off the assaults.  “Attackers like to illustrate the firepower of their botnets, and sometimes when you see these attacks that target large numbers of users, they are often just a demonstration,” McPherson said.  “They are becoming more successful because we’re reading about them a lot more in the press than we did in the past,” Silva said.

DNS is akin to the white pages of the Internet, translating Web site names like into numeric addresses that are easier for computers to find.  The machines that handle that translation, known as DNS servers, are the unseen workhorses responsible for routing everything from Web searches to e-mail and instant messaging.  “This is usually fine, until that organization comes under an attack on those DNS servers.”  Also, the global DNS system doesn’t yet have a widely deployed way of determining whether someone requesting the location of a site is lying about his or her own address, the source address to which the answer will be sent.

SharkTech owner Tim Timrawi said his business was knocked offline for five hours from a DNS attack that heaved more than 20 gigabits of traffic per second at his company’s servers, or roughly the equivalent of the data contained in about 5,000 novels sent digitally every second.  “Imagine if someone using the U.S. mail sent a small letter to a company requesting a brochure of their information, but that person wrote your address as the return address.

Arbor’s McPherson said there are a number of things that can be done to diminish the effectiveness of DDoS attacks, but that most require ISPs to do a better job adopting long-established Internet best practices, such as those that call on network providers to filter out incoming Web traffic that appears to be spoofed.
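The two mechanisms the article leans on, a DNS reflection attack built on forged source addresses (the "wrong return address" analogy) and the ingress filtering best practice McPherson refers to (RFC 2827 / BCP 38), are easier to reason about in a toy model. The following Python is an added example written for this page, not code from the article, Arbor or any of the companies named; the topology, addresses (documentation ranges), packet sizes and port names are all constructed assumptions. It shows why an open resolver amplifies a bot's traffic many times over, and the practitioner's caveat that the filter only helps when the ISP nearest the bot applies it, because by the time the reply reaches the victim its source address is genuine.

```python
"""Toy model of the DNS reflection attack described above and of BCP 38
ingress filtering. Constructed example: packets are Python objects, nothing
touches the network, and all addresses and sizes are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str      # source address as written in the IP header (may be forged)
    dst: str
    length: int   # bytes on the wire


# Constructed topology using documentation address ranges (assumed, not from
# the article). Each ISP access port maps to the prefixes assigned to the
# customer attached to it; that mapping is what an ingress filter checks.
CUSTOMER_PREFIXES = {
    "bot-isp-port": [ip_network("192.0.2.0/24")],        # botnet member's access
    "victim-isp-port": [ip_network("198.51.100.0/24")],  # victim's access
}
BOT = "192.0.2.77"
VICTIM = "198.51.100.10"
OPEN_RESOLVER = "203.0.113.53"   # a recursive resolver that answers anyone

QUERY_LEN = 64       # assumed size of a small UDP DNS query
RESPONSE_LEN = 3000  # assumed size of a large answer (e.g. ANY for a big zone)


def ingress_filter_allows(port: str, pkt: Packet) -> bool:
    """RFC 2827 / BCP 38 check: a packet arriving from a customer port is
    accepted only if its source address lies in that customer's prefixes."""
    src = ip_address(pkt.src)
    return any(src in net for net in CUSTOMER_PREFIXES[port])


def spoofed_query(victim: str) -> Packet:
    """The bot writes the victim's address as the source: the 'wrong return
    address on the envelope' from Timrawi's analogy."""
    return Packet(src=victim, dst=OPEN_RESOLVER, length=QUERY_LEN)


def resolver_reply(query: Packet) -> Packet:
    """The resolver cannot tell that the source is forged, so the (much larger)
    answer goes to whoever the query claimed to come from."""
    return Packet(src=query.dst, dst=query.src, length=RESPONSE_LEN)


def amplification_factor(query: Packet, reply: Packet) -> float:
    """Bytes landing on the victim per byte the bot had to send."""
    return reply.length / query.length


def run_attack(num_queries: int, filter_at=frozenset()) -> dict:
    """Simulate num_queries spoofed queries from the bot. filter_at names the
    access ports whose ISP applies ingress filtering. Returns byte counts."""
    sent = reflected = delivered = 0
    for _ in range(num_queries):
        q = spoofed_query(VICTIM)
        sent += q.length
        # The forged query enters the Internet via the bot's access port. Only
        # the bot's ISP sees a customer packet carrying a foreign source address.
        if "bot-isp-port" in filter_at and not ingress_filter_allows("bot-isp-port", q):
            continue  # dropped: 198.51.100.10 is not inside 192.0.2.0/24
        r = resolver_reply(q)
        reflected += r.length
        # The reply reaches the victim's ISP from upstream with a genuine source
        # (the resolver). Customer-port ingress filtering at the victim's ISP
        # never examines it, so "victim-isp-port" in filter_at changes nothing.
        delivered += r.length
    return {"sent": sent, "reflected": reflected, "delivered": delivered}


if __name__ == "__main__":
    q = spoofed_query(VICTIM)
    print(f"amplification: {amplification_factor(q, resolver_reply(q)):.1f}x")
    print("no filtering:        ", run_attack(1000))
    print("filter at victim ISP:", run_attack(1000, {"victim-isp-port"}))
    print("filter at bot ISP:   ", run_attack(1000, {"bot-isp-port"}))
```

Running it shows 64 KB sent by the bot turning into 3 MB at the victim with no filtering, the same 3 MB when only the victim's ISP filters, and nothing delivered when the bot's ISP drops the forged queries at its customer port. That asymmetry is the point of McPherson's remark: the operators who bear the cost of deploying the filter are not the ones being attacked, which is why the best practice has been "long-established" yet unevenly adopted.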
