'Biggest Cyber Attack In History' Could Have Been Carried Out With Just A Laptop

There’s no better place than the Internet for
minimal damage to swirl into an epic disaster. A
skirmish between the anti-spam organization
Spamhaus and a Dutch web-hosting firm has
ranked as the biggest known distributed denial
of service (DDoS) attack, and reportedly slowed
down global internet speeds. Anyone who has
had difficulty getting to familiar websites
recently may have been caught up in the
crossfire. DDoS attacks are among the most common
attacks to take place between cyber punks with
an axe to grind, and involve overloading a target
site with so much traffic that it is taken offline.
This latest attack, however, is unique in taking up
an extraordinary amount of bandwidth.

Five national police forces are already investigating
it, according to BBC News, and the attack is still
ongoing.

To put some numbers to that, average-sized
DDoS attacks observed by cyber security
researchers at Kaspersky Lab in 2011 saw data
speeds of 70 megabits per second. The latest
attacks on Spamhaus saw speeds hundreds of
times that, at 300 billion bits per second, or 300 Gbps. Prolexic, the biggest anti-DDoS company
out there, has said it can halt attacks that reach a
maximum 100 Gbps. CloudFlare, the hosting
company that helped mitigate the attack, calls it
“the DDoS that almost broke the Internet.”

What’s surprising is that carrying out an attack
of this magnitude does not require expensive
resources or even significant programming
expertise. A laptop and internet connection can
be all you need. The method is known as DNS
amplification, and is something that cyber security experts have known about for some
time. “I’m surprised it’s taken this long,”
says Alan Woodward, a cyber security professor
at the University of Surrey. “The technique of
DNS amplification has been around since 2006.”

Chester Wisniewski of security firm Sophos
agrees. “We’ve all been speculating about this
for 10 years, wondering why no one had done it
and crossing our fingers.”

The attack works by pinging, or making an
enquiry to, a DNS server, or name server. The
server then sends back an answer with perhaps
100 times more data than the original query.
The trick comes in spoofing the originator of the
query so that the “answer” goes to a different
target. That data can then be amplified
by 1,000 or more if those original enquiries are made
through a botnet, or network of infected
computers.

Attackers would most likely exploit the DNS
servers of hosting companies because they have
a bigger data pipe. As such, big hosting
companies like Rackspace and Amazon will
almost certainly boost their monitoring to
ensure their virtual servers aren’t participating
in the Spamhaus attack.
“Anyone that rents out virtual servers could be
inadvertently participating,” says Wisniewski.

The attack on Spamhaus was so big because the
organization had spread its infrastructure over
20 countries. On March 18 it called CloudFlare
to help bring its site back online. CloudFlare has
since blamed open DNS resolvers, which are open
to manipulation, for the attack’s success:

“Open DNS resolvers are the scourge of the
Internet and these attacks will become more
common and large until service providers take
serious efforts to close them,” the company’s
CEO Matthew Prince said in a blog post.

Cyber security experts are calling the attack a
“wake-up call” for service providers to fix the
world’s vulnerable DNS servers. “What it shows
is that if this was ever done in a really concerted
way, it could have an effect on the web’s
infrastructure itself,” said Woodward.

CloudFlare’s observations of the attack showed
that the perpetrators were harnessing the power
of several servers, but with relatively small
botnets. “If you had a really large botnet, you
could throw everything at this,” said Wisniewski.
“You could take down the whole Internet.”

This doesn’t seem to be the intention of
Cyberbunker, the Dutch web hosting firm that
has taken credit for launching the attack. It
appears to be taking revenge against Spamhaus
because the organization recently added
Cyberbunker to its blacklist of spammers.

Spamhaus’ blacklists are well-regarded by the
industry and adding Cyberbunker could spell a
big drop in traffic for the hosting firm.

How to stop an attack like this? Even if police manage
to get into Cyberbunker’s bunker (it really is
housed in a former nuclear bunker), the attack
could continue so long as the perpetrators have
an Internet connection. This could mean it is up
to Internet service providers like TeliaSonera or
Verizon to take action by cutting their connection
— this has happened in the past, but apparently
not yet in this case.

As for the vulnerable underpinnings of the web,
there are hundreds of thousands of DNS servers
being manned across the world by corporations,
government agencies and other organizations,
and more than half are mis-configured, says
Wisniewski. This means they are vulnerable to
abuse, or to being roped into a DNS
amplification attack just like this one.

“I believe the scale of this could be much larger
now that this has happened,” he adds. “It’s proof
of concept. I wouldn’t be surprised if it were to
happen again.”
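
The monitoring that hosting companies are expected to step up, sketched as an added example (not part of the original article): it audits a resolver's traffic records for answers sent outside the networks it is meant to serve and for addresses receiving far more data than was asked for in their name. The log format, the served network, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records, hypothetical format: client_ip query_bytes response_bytes
SAMPLE_LOG = """\
192.0.2.10 40 120
192.0.2.11 38 95
203.0.113.7 64 3200
203.0.113.7 64 3180
203.0.113.7 64 3225
198.51.100.20 42 110
"""

# Assumed range of legitimate clients for this resolver
SERVED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def parse(log):
    """Yield (ip, query_bytes, response_bytes); malformed lines are skipped."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            yield ipaddress.ip_address(fields[0]), int(fields[1]), int(fields[2])
        except ValueError:
            continue


def audit(log, served=SERVED_NETWORKS, ratio_limit=20.0, min_queries=3):
    """Return {ip: finding} for clients that suggest open-resolver abuse."""
    stats = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for ip, query_bytes, response_bytes in parse(log):
        stats[ip][0] += 1
        stats[ip][1] += query_bytes
        stats[ip][2] += response_bytes
    findings = {}
    for ip, (count, q_total, r_total) in stats.items():
        if any(ip in net for net in served):
            continue  # legitimate client of this resolver
        ratio = r_total / q_total if q_total else 0.0
        if count >= min_queries and ratio >= ratio_limit:
            # Source addresses may be forged, so this address is the probable victim
            findings[str(ip)] = f"likely reflection target, amplification x{ratio:.0f}"
        else:
            findings[str(ip)] = "answered for address outside served networks"
    return findings


if __name__ == "__main__":
    for address, finding in audit(SAMPLE_LOG).items():
        print(address, finding)
```

Any finding at all means the resolver is answering strangers, which is the misconfiguration the article describes; restricting recursion to the served networks removes both kinds of finding.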
