Monday, December 20, 2010

Defending Against Hacker Attacks


Another interesting article in the Boston Globe, by the wonderful Hiawatha Bray, about companies whose business is defending against distributed denial of service attacks, as well as other internet attacks. Distributed Denial of Service attacks (DDoS attacks) essentially seek to overwhelm the victim's resources by sending so many requests simultaneously that the victim's computers cannot respond to legitimate requests, and either crash or simply slow down too much to be useful. The attacker assembles a zombie-like army called a botnet by planting malicious code on random computers via e-mail attachments or a computer worm. The botnet computers then work together to send out the DDoS attack in a coordinated way. The owners of the botnet computers may never know their computers were involved. OOTJ readers probably remember when Google publicized the attack on it by hackers from the People's Republic of China. Twitter and Facebook have also been attacked, and as former supporters of WikiLeaks have withdrawn their financial support, those former supporters are now facing similar attacks from outraged WikiLeaks friends.

The article in the Globe seriously (and perhaps intentionally) oversimplifies the matter of defending against DDoS attacks. The primary defense appears to be providing a large enough number of alternative servers to soak up the attacks. Quoting from the article:

Akamai relied on the simplest defense: a network of servers and data lines with such huge capacity that it can’t be overwhelmed by such an attack.

“If your pipe is bigger than their pipe, you win,’’ said Bruce Schneier, chief security technology officer at the British telecom giant BT Group.

The biggest DDOS attack ever to hit an Akamai customer occurred on July 4, 2009, when several US government sites were attacked by a botnet based in South Korea. But that attack generated a stream of data equal to just 4 percent of Akamai’s average daily traffic load, and was easily absorbed.

The data traffic aimed at the five Internet retailers equaled less than half of 1 percent of Akamai’s daily load and was barely noticed.

Akamai’s robust network may have also helped protect Internet retailer Amazon.com from online vandalism.

A group calling itself Anonymous posted Twitter messages that took credit for bringing down the Visa and MasterCard sites, saying the attacks were revenge for the credit card companies’ refusal to do business with the website WikiLeaks, which had published secret US government documents.

Anonymous said that Amazon, which had also cut ties to WikiLeaks, would be the next target. But within hours, Anonymous dropped the idea, posting that “The Hive isn’t big enough to attack Amazon.’’

It could be that this is the current state of the art. Just six years ago, a lengthy article by Cisco presented the difficulties in defending against DDoS attacks in 7 Internet Protocol Journal 4 with many more defense options. But six years is an eon in this field. Akamai's website does actually talk about more than offering a wider pipe. And other DDoS protection firms detail other security measures they offer as well: BlockDOS mentions adaptive filtering, deep packet inspection and flexible content filtering among several other types of filtering as methods of protecting clients' servers from attack. Arbor Networks, another DDoS protection firm mentioned in the Globe article, also lists a variety of security services beyond enlarging the "pipe": protecting DNS architecture (I wish Comcast would sign up with them!), leveraging IP flow for peak network visibility (I think they mean making the most of the available hardware), and more.

Protecting against these attacks is becoming a new industry. We already have security services for our computers, like the anti-virus providers McAfee or Symantec and hosts of others. Now there is a burgeoning industry for professional protection against DDoS attacks and more -- theft of information from databanks, for instance, and other nightmares. It won't be long before universities become clients of these firms. The interesting thing is that the folks who developed the protections often hailed originally from the ranks of the hackers who developed the problems. It takes a hacker to catch a hacker. Though "hacker" is a mutable term -- ignorant outsiders often misunderstand it. Hackers are not necessarily troublemakers. Black hats and white hats are better distinguishing terms. Which is why I am decorating this post with those images.
