When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.
This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. “The problem is sweeping and has changed over the years,” Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.
The type of attack aimed at Georgian sites is known as a distributed denial of service (DDoS). Targeted servers face an overwhelming number of requests from computers located all over the world. Sometimes these requests come from “zombie” computers that have been taken over by hackers, and sometimes they come from machines operated by individuals who have volunteered to help. Last summer, the targets included government servers, and those belonging to news outlets and to companies trying to defend against the attacks.
Arbor Networks uses several technologies to monitor DDoS attacks. The company provides network security tools to Internet service providers and large enterprises, and customers can choose to share data on traffic patterns to help identify attacks as they happen. Nazario says that this customer data covers about 80 percent of global Internet backbone traffic. Arbor’s researchers also use software tools to intercept commands that are intended for botnets, and they monitor Internet routing patterns for signs that an attack is taking place.
Nazario says that the bar for launching a DDoS attack has come down significantly in the past few years. Attacks aimed at Estonian sites in 2007 (during a time of political tension between this country and Russia) used botnets and scripts that weren’t easy for nontechnical people to employ. Now attackers can purchase tools such as Black Energy or NetBot Attacker (made by Russian and Chinese hackers, respectively) for less than $100 apiece. These kits give an attacker ready-made code and an easy-to-use interface to control a botnet. Attackers have even developed Web interfaces so that volunteers can more easily participate in an attack. Attacks are often coordinated in forums, Nazario says, and easy-to-use interfaces help boost participation.
Steven Bellovin, a professor of computer science at Columbia University who researches network security, agrees that politically motivated DDoS attacks are becoming more common. He says the reason is that they are becoming easier to launch and more effective. “You can’t launch a DDoS attack against an enemy who isn’t dependent on the Net,” Bellovin says. “You also can’t launch one unless you have adequate network resources.”
A big problem with these politically motivated attacks, according to Nazario, is that it’s particularly hard to pinpoint who is really responsible. While it’s easy to determine which botnet is the source of an attack, it’s far harder to determine who might be paying for the attack. This is a big worry for governments looking for redress or retaliation, he adds.
Currently, the procedure for defending against DDoS attacks involves shutting off traffic from the attacker as close as possible to the source, and carefully managing Internet traffic heading for the target. This can sometimes be a delicate political process, however. Governments can hire experts and buy tools to help them deal with an attack, but smaller organizations, such as newspapers, might need to turn to their Internet service providers for help. “The technology’s there–it’s just a matter of getting access to it,” Nazario says.
While Nazario says that denial-of-service attacks can be serious, he adds that it’s important to keep them in perspective in the context of warfare. “It doesn’t compare to people dying on the ground,” he says.