When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.
This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. “The problem is sweeping and has changed over the years,” Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.
The type of attack aimed at Georgian sites is known as a distributed denial of service (DDoS). Targeted servers face an overwhelming number of requests from computers located all over the world. Sometimes these requests come from “zombie” computers that have been taken over by hackers, and sometimes they come from machines operated by individuals who have volunteered to help. Last summer, the targets included government servers, and those belonging to news outlets and to companies trying to defend against the attacks.
Arbor Networks uses several technologies to monitor DDoS attacks. The company provides network security tools to Internet service providers and large enterprises, and customers can choose to share data on traffic patterns to help identify attacks as they happen. Nazario says that this customer data covers about 80 percent of global Internet backbone traffic. Arbor’s researchers also use software tools to intercept commands that are intended for botnets, and they monitor Internet routing patterns for signs that an attack is taking place.
Nazario says that the bar for launching a DDoS attack has come down significantly in the past few years. Attacks aimed at Estonian sites in 2007 (during a time of political tension between this country and Russia) used botnets and scripts that weren’t easy for nontechnical people to employ. Now attackers can purchase tools such as Black Energy or NetBot Attacker (made by Russian and Chinese hackers, respectively) for less than $100 apiece. These kits give an attacker ready-made code and an easy-to-use interface to control a botnet. Attackers have even developed Web interfaces so that volunteers can more easily participate in an attack. Attacks are often coordinated in forums, Nazario says, and easy-to-use interfaces help boost participation.