User unfriendly: Simple interfaces for launching distributed denial-of-service attacks, like the one shown here, have made it easier to attack political enemies, says Jose Nazario, manager of security research for Arbor Networks.
Arbor Networks
Denial-of-service attacks are on the rise, research shows.
When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.
This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. "The problem is sweeping and has changed over the years," Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.
The type of attack aimed at Georgian sites is known as a distributed denial of service (DDoS). Targeted servers face an overwhelming number of requests from computers located all over the world. Sometimes these requests come from "zombie" computers that have been taken over by hackers, and sometimes they come from machines operated by individuals who have volunteered to help. Last summer, the targets included government servers, and those belonging to news outlets and to companies trying to defend against the attacks.
Arbor Networks uses several technologies to monitor DDoS attacks. The company provides network security tools to Internet service providers and large enterprises, and customers can choose to share data on traffic patterns to help identify attacks as they happen. Nazario says that this customer data covers about 80 percent of global Internet backbone traffic. Arbor's researchers also use software tools to intercept commands that are intended for botnets, and they monitor Internet routing patterns for signs that an attack is taking place.
Nazario says that the bar for launching a DDoS attack has come down significantly in the past few years. Attacks aimed at Estonian sites in 2007 (during a time of political tension between this country and Russia) used botnets and scripts that weren't easy for nontechnical people to employ. Now attackers can purchase tools such as Black Energy or NetBot Attacker (made by Russian and Chinese hackers, respectively) for less than $100 apiece. These kits give an attacker ready-made code and an easy-to-use interface to control a botnet. Attackers have even developed Web interfaces so that volunteers can more easily participate in an attack. Attacks are often coordinated in forums, Nazario says, and easy-to-use interfaces help boost participation.
A new tool allows entire networks to be scanned efficiently for infection.
Doesn't this underscore the need for a new Internet, one that does not assume that the users are kindly scientists trading information?
Yes!, absolutely. the average home user, pawn of the botmasters, possesses firepower that they are incapable of controlling. We don't allow access to the highways without requiring a minimum level of competence (and a recently inspected vehicle), for the safety of all who use them. Why should we do less with this infrastructure? I've outlined one possible approach at someblackthoughts.com
Political DOS attacks already are occuring in US politics. One Tea Party information site has repeatedly been hit by a DOS attack. What we need is stronger investigation across geographical boundaries and much harsher penalties globally.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
phoenix
172 Comments
an alien invasion
Although there may not be any "collaterall damage", that a traditional ground war incurs, as this article suggests, the rogue factors who are launching these DOS attacks have already demonstrated an ability to do some major damage to any target which is dependent on the Internet to perorm their functions. What's next, holding entire countries at ransom by threatening to crash their electrical grids, or disrupting air traffic control systems? And, if we found a way to retaliate against these jerks, would the whole sorry mess just escalate right out of control?
Reply