SEATTLE – A distributed denial-of-service, or DDoS, attack has long been a way to make a political statement or commit extortion against the owners and operators of a public-facing website.
Such an attack makes a website inaccessible to the intended users, usually by inundating the targeted websites with nuisance data exchanges.
That's the simple explanation.
The DDoS attacks that have recently disrupted South Korean media companies, SpamHaus, Wells Fargo and American Express show how sophisticated attackers have become.
The hacktivists seeking to disrupt the online banking services of U.S. financial institutions have been using corrupted web servers to swarm targeted websites with nuisance traffic, says Paul Ferguson, vice president of threat intelligence at security firm Internet Identity.
In addition to overwhelming the multi-million dollar defense systems of Wells Fargo and Amex this week, the same group of attackers is believed responsible for temporarily crippling the consumer websites of JP Morgan Chase, Bank of America, Citibank and SunTrust last fall.
The use of web servers to conduct the attacks is distinctive, says Ferguson.
"The methodology is different than what we normally see," Ferguson says. "These are legitimate websites that have been compromised and now host scripts that the attackers have put there to originate this attack traffic going at the banks."
It has been more common for hacktivists, particularly those associated with the Anonymous hacking collective, to launch attacks using the home PCs owned by volunteer sympathizers.
A tool called the Low Orbit Ion Cannon acts as a hub from which volunteers can direct nuisance traffic to the targeted website of the moment. Another tried-and-true attack method involves the involuntary use of thousands of infected home PCs, known as a botnet, under the control of a single bad-guy controller. This is the method that is typically used to extort payments from gambling websites taken offline by a DDoS attack just before a major sporting event.
In the case of the attacks on the U.S. financial sector, the hacktivists went to the trouble of assembling a specialized botnet comprised of corrupted website computer servers they control. The result: a botnet on steroids.
"A botnet attack is hard to repel because you have hundreds of thousands of workstations, dispersed all around the world, all attacking you at the same time. It's a barrage from every direction," says Pierluigi Stella, CTO of Network Box USA. "With a website server attack, rather than controlling a million PCs, the hacker is controlling a few web servers, each with the physical capacity of thousands of workstations. So it is like a concentrated botnet that's more efficient, easier to control and more lethal."
In the SpamHaus assault, the attackers used yet another completely different – though just as lethal – approach, referred to as a DNS amplification attack. The attacker essentially fools the domain name system that helps route data traffic across the Internet into sending a large response to spoofed requests that appear to originate from the targeted website.
"These DNS attacks are 'response' attacks," says David Gibson, vice president of strategy at Varonis Systems. "Amplified response attacks are both harder to track down and more efficient than stimulus-based attacks."
Bill Conner, President & CEO of Entrust, adds: "In this case, the bad guys know about open DNS servers on the Internet, and can make the server respond and send data to an address of their choice."
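The amplification pattern Ferguson, Gibson and Conner describe has a signature a resolver operator can watch for: a burst of small queries that all carry the same (spoofed) source address, each answered with a response many times larger. The script below is an added example, not code from the article or from any of the companies quoted; it assumes a simple whitespace-separated resolver log format (timestamp, client IP, query name, query type, query bytes, response bytes) and uses constructed sample lines and threshold values chosen for illustration.

```python
"""Flag DNS amplification (reflection) abuse in resolver logs.

Added example with an assumed log format:
    <timestamp> <client_ip> <qname> <qtype> <query_bytes> <response_bytes>
The sample lines below are constructed, not real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ClientStats:
    """Per-source-address totals seen by the resolver."""
    queries: int = 0
    query_bytes: int = 0
    response_bytes: int = 0

    @property
    def amplification(self) -> float:
        """Bytes sent back per byte received; large values mean reflection."""
        return self.response_bytes / self.query_bytes if self.query_bytes else 0.0


def parse_line(line: str):
    """Return (client, qname, qtype, query_bytes, response_bytes) or None."""
    parts = line.split()
    if len(parts) != 6:
        return None  # malformed line, skip rather than crash
    _ts, client, qname, qtype, qbytes, rbytes = parts
    try:
        return client, qname, qtype, int(qbytes), int(rbytes)
    except ValueError:
        return None


def aggregate(lines):
    """Sum query/response bytes per client (source) address."""
    stats = defaultdict(ClientStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client, _qname, _qtype, qbytes, rbytes = rec
        s = stats[client]
        s.queries += 1
        s.query_bytes += qbytes
        s.response_bytes += rbytes
    return stats


def flag_amplification_victims(lines, min_queries=5, min_ratio=20.0):
    """Return source addresses whose profile matches reflection abuse.

    In an amplification attack the "client" address is the spoofed victim:
    the resolver sees many small queries claiming that source and sends
    large responses back to it. A high response/query byte ratio combined
    with a burst of queries is the signal to alert on (thresholds are
    illustrative assumptions, tune them to your traffic).
    """
    stats = aggregate(lines)
    return sorted(
        ip for ip, s in stats.items()
        if s.queries >= min_queries and s.amplification >= min_ratio
    )


# Constructed sample: one normal client, one spoofed victim address that is
# being hammered with ANY queries, one address with a high ratio but too few
# queries to matter, and one garbled line.
SAMPLE_LOG = [
    "2013-03-28T10:00:00Z 10.0.0.5 example.com A 40 100",
    "2013-03-28T10:00:01Z 10.0.0.5 example.org A 40 96",
    "2013-03-28T10:00:02Z 10.0.0.5 example.net AAAA 42 120",
    "2013-03-28T10:00:03Z 10.0.0.5 example.com MX 38 88",
    "2013-03-28T10:00:04Z 10.0.0.5 example.org A 40 104",
    "2013-03-28T10:00:05Z 10.0.0.5 example.net A 41 112",
    "this line is garbled",
    "2013-03-28T10:00:06Z 192.0.2.9 big-zone.example ANY 45 3200",
    "2013-03-28T10:00:06Z 192.0.2.9 big-zone.example ANY 45 3200",
] + [
    "2013-03-28T10:00:07Z 203.0.113.7 big-zone.example ANY 45 3200"
    for _ in range(8)
]

if __name__ == "__main__":
    for ip, s in aggregate(SAMPLE_LOG).items():
        print(f"{ip:14} queries={s.queries:3} amplification={s.amplification:6.1f}x")
    print("suspected reflection victims:", flag_amplification_victims(SAMPLE_LOG))
```

Two thresholds are deliberately separate: the byte ratio alone would also flag the two-query address 192.0.2.9, which is why a minimum query count is required before alerting. In practice the same aggregation can be keyed on (client, qtype) to see that the inflated responses are concentrated on a single large-answer record type.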