Date: 2014-03-05
* February saw likely biggest recorded DDoS attack
* Attacks up 32 percent in 2013, sophistication grows
* Now behind some 18 percent of U.S. data centre failures
By Peter Apps
LONDON, March 5 - Crashing websites and
overwhelming data centres, a new generation of cyber attacks is
costing millions and straining the structure of the Internet.
While some attackers are diehard activists, criminal gangs
or nation states looking for a covert way to hit enemies, others
are just teenage hackers looking for kicks.
Distributed Denial of Service (DDoS) attacks have always
been among the most common on the Internet, using hijacked and
virus-infected computers to target websites until they can no
longer cope with the scale of data requested, but recent weeks
have seen a string of particularly serious attacks.
On Feb. 10, internet security firm Cloudflare says it
protected one of its customers from what might be the largest
DDoS documented so far.
At its height, the near 400 gigabyte per second (gbps)
assault was about 30 percent larger than the largest attack
documented in 2013, an attempt to knock down antispam website
Spamhaus, which is also protected by Cloudflare.
The following day, a DDoS attack on virtual currency Bitcoin
briefly took down its ability to process payments.
On Feb. 20, Internet registration firm Namecheap said it was
temporarily overwhelmed by a simultaneous attack on 300 of the
websites it registers, and bit.ly, which creates shortened
addresses for websites like Twitter, says it was also knocked
out briefly in February.
In a dramatic case of extortion, social networking site
Meetup.com said on Monday it was fighting a sustained battle
against hackers who brought down the site for several days and
were demanding $300 to stop. It would not pay, Meetup CEO Scott
Heiferman told Reuters.
DDoS attacks were at the heart of attacks blamed on Russian
hackers against Estonia in 2007 and Georgia during its brief war
with Russia in 2008. It is unclear if they played a role in the
current stand-off between Moscow and Ukraine in which
communications were disrupted and at least one major government
website knocked out for up to 72 hours.
A report this month by security firm Prolexic said attacks
were up 32 percent in 2013, and a December study by the
cyber-security-focused Ponemon Institute showed them now
responsible for 18 percent of outages at U.S.-based data centres
up from just 2 percent in 2010.
The average cost of a single outage was $630,000, it said.
"It's really a game of cat and mouse," said Jag Bains, chief
technology officer of Seattle-based DOSarrest, a firm that helps
government and private-sector clients protect their sites.
"I'd like to say we are ahead, but I just don't think it's
true."
As well as growing in volume, he said attacks were becoming
much more sophisticated in targeting the most vulnerable parts
of websites, making even a small attack much more effective.
The aims of attackers include extortion, political activism,
providing distraction from data theft and, for "hobbyist"
hackers, just testing and showcasing their skills, security
experts say.
Other victims in recent months have included the Federal
Bureau of Investigation, Royal Bank of Scotland and
several major U.S. banks, which analysts believe were targeted
by Iran in response to sanctions. Iran denies the charge.
HIJACKING PRINTERS, SMARTPHONES
Many attacks, however, appear to be homegrown. The most
popular point of origin for DDoS attacks in the last three
months of 2013, Prolexic said, appeared to be the United States,
followed by China, Thailand, Britain and South Korea.
As well as hijacking computers, Prolexic said attackers are
increasingly targeting smartphones, particularly those using
Google's Android operating system, which by the third
quarter of 2013 accounted for more than 80 percent of new
phones.
Even wireless printers, experts say, have sometimes been
co-opted into attacks, packed together in botnet groups. That,
they warn, can put unprecedented cyber firepower in
the hands of relatively unskilled hackers, who increasingly
include teenagers.
Last year, British police arrested a 16-year-old as part of
their investigations into the attack on Spamhaus, while German
police arrested an 18-year-old after a DDoS attack paralysed the
Saxony government website.
DOSarrest says some of the most recent attacks it has dealt
with were on U.S. universities and largely blamed on students
showing off or protesting against high tuition fees.
The sheer volume of attacks means many perpetrators are
never traced, and some computer security experts complain
law-enforcement authorities remain reluctant to prosecute the
youngest offenders.
Until recently, DDoS attacks were seen as less of a threat than
attempts to steal customer data or intellectual property. That,
however, is changing fast.
SLOWING THE INTERNET
Last year's Spamhaus attack was described by some as slowing
the entire global Internet, and most experts agree the largest
attacks can slow access across entire regions. Cloudflare says
there were anecdotal reports of slowness in Europe during the
latest attack.
Crashing data centres can wreak havoc with other services
based there, including phone systems and vital industrial
facilities.
The Ponemon report showed DDoS attacks are now the third
largest cause of outages after power system failure and human
error, outstripping traditional causes such as weather events.
Even if attacks do not succeed, the cost of mitigating them
is rising fast, providing many millions of dollars of business
for firms such as Cloudflare and Prolexic, taken over last month
by Akamai Technologies for about $370 million.
Namecheap, which aims to offer cut-price hosting for
websites, said it had already spread its data centres across
five countries and three continents to better handle constant
attacks but was still overwhelmed by the roughly 100 Gbps
incident.
Attacks on that scale, Prolexic says, now occur several
times a month and are frequently so complex and fast moving
that automated systems can no longer tackle them.
Prolexic itself runs a permanently manned operation centre
at its headquarters in Florida, allowing it to keep one step
ahead and instantly move material between data centres.
"It's very hard to know what to do," said Alexander
Klimburg, a cyber security expert at the Austrian Institute for
International Affairs currently on exchange at Harvard Kennedy
School of Government. "The tools to do this can be purchased
online incredibly cheaply, while the damage they can do and the
cost of mitigating it is exponentially higher."