BUSINESS TECHNOLOGY MEDIA COMPANY
Companies
Sectors
Security

DDoS attacks get bigger, smarter

Read time 5min 50sec
Recent weeks have seen a string of particularly serious DDoS attacks.
Recent weeks have seen a string of particularly serious DDoS attacks.

Crashing Web sites and overwhelming data centres, a new generation of cyber attacks is costing millions and straining the structure of the Internet.

While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks.

Distributed denial of service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target Web sites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks.

On 10 February, Internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far.

At its height, the near 400GBps assault was about 30% larger than the largest attack documented in 2013, an attempt to knock down anti-spam Web site Spamhaus, which is also protected by Cloudflare.

The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments.

On 20 February, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the Web sites it registers, and bit.ly, which creates shortened addresses for Web sites like Twitter, says it was also knocked out briefly in February.

In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters.

DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government Web site knocked out for up to 72 hours.

ITWeb Security Summit 2014

A showcase for infosec thought leaders, featuring interactive workshops that provide intensive information for company executives, ITWeb Security Summit 2014 takes place from 27 to 29 May at the Sandton Convention Centre. Book your spot now.

A report this month by security firm Prolexic said attacks were up 32% in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18% of outages at US-based data centres from just 2% in 2010.

The average cost of a single outage was $630 000, it said.

"It's really a game of cat and mouse," said Jag Bains, CTO of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites.

"I'd like to say we are ahead, but I just don't think it's true."

As well as growing in volume, he said attacks were becoming much more sophisticated in targeting the most vulnerable parts of Web sites, making even a small attack much more effective.

The aims of attackers include extortion, political activism, providing distraction from data theft and, for "hobbyist" hackers, just testing and showcasing their skills, security experts say.

Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major US banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge.

Hijacking, printers, smartphones

Many attacks, however, appear to be home-grown. The most popular point of origin for DDoS attacks in the last three months of 2013, Prolexic said, appeared to be the US, followed by China, Thailand, Britain and South Korea.

As well as hijacking computers, Prolexic said attackers are increasingly targeting smartphones, particularly those using Google's Android operating system, which by the third quarter of 2013 accounted for more than 80% of new phones.

Even wireless printers, experts say, have sometimes been co-opted into attacks, packed together in botnet groups. That, they warn, can put previously unprecedented cyber firepower in the hands of relatively unskilled hackers, who increasingly include teenagers.

Last year, British police arrested a 16-year-old as part of their investigations into the attack on Spamhaus, while German police arrested an 18-year-old after a DDoS attack paralysed the Saxony government Web site.

DDoSarrest says some of the most recent attacks it has dealt with were on US universities and largely blamed on students showing off or protesting against high tuition fees.

The sheer volume of attacks means many perpetrators are never traced, and some computer security experts complain law-enforcement authorities remain reluctant to prosecute the youngest offenders.

Until recently, DDoS attacks were seen less of a threat than attempts to steal customer data or intellectual property. That, however, is changing fast.

Slowing the Internet

Last year's Spamhaus attack was described by some as slowing the entire global Internet, and most experts agree the largest attacks can slow access across entire regions. Cloudflare says there were anecdotal reports of slowness in Europe during the latest attack.

Crashing data centres can wreak havoc with other services based there, including phone systems and vital industrial facilities.

The Ponemon report showed DDoS attacks are now the third largest cause of outages after power system failure and human error, outstripping traditional causes such as weather events.

Even if attacks do not succeed, the cost of mitigating them is rising fast, providing many millions of dollars of business for firms such as Cloudflare and Prolexic, taken over last month by Akamai Technologies for about $370 million.

Namecheap, which aims to offer cut-price hosting for Web sites, said it had already spread its data centres across five countries and three continents to better handle constant attacks but was still overwhelmed.

Attacks on that scale, Prolexic says, now occur several times a month and are now frequently so complex and fast-moving that automated systems can no longer tackle them.

Prolexic runs a permanently manned operation centre at its headquarters in Florida, allowing it to keep one step ahead and instantly move material between data centres.

"It's very hard to know what to do," said Alexander Klimburg, a cyber security expert at the Austrian Institute for International Affairs currently on exchange at Harvard Kennedy School of Government. "The tools to do this can be purchased online incredibly cheaply, while the damage they can do and the cost of mitigating it is exponentially higher."

Have your say