Wednesday, March 05 12:09:24
Crashing websites and overwhelming data centres, a new generation of cyber attacks is costing millions and straining the structure of the Internet.
While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks.
Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks.
On Feb. 10, Internet security firm Cloudflare says it protected one of its customers from what might be the largest DDoS documented so far.
At its height, the near 400 gigabyte per second (gbps) assault was about 30 percent larger than the largest attack documented in 2013, an attempt to knock down antispam website Spamhaus, which is also protected by Cloudflare.
The following day, a DDoS attack on virtual currency Bitcoin briefly took down its ability to process payments.
On Feb. 20, Internet registration firm Namecheap said it was temporarily overwhelmed by a simultaneous attack on 300 of the websites it registers, and bit.ly, which creates shortened addresses for websites like Twitter, says it was also knocked out briefly in February.
In a dramatic case of extortion, social networking site Meetup.com said on Monday it was fighting a sustained battle against hackers who brought down the site for several days and were demanding $300 to stop. It would not pay, Meetup CEO Scott Heiferman told Reuters.
DDoS attacks were at the heart of attacks blamed on Russian hackers against Estonia in 2007 and Georgia during its brief war with Russia in 2008. It is unclear if they played a role in the current stand-off between Moscow and Ukraine in which communications were disrupted and at least one major government website knocked out for up to 72 hours.
A report this month by security firm Prolexic said attacks were up 32 percent in 2013, and a December study by the cyber-security-focused Ponemon Institute showed them now responsible for 18 percent of outages at U.S.-based data centres, up from just 2 percent in 2010.
The average cost of a single outage was $630,000, it said.
"It's really a game of cat and mouse," said Jag Bains, chief technology officer of Seattle-based DOSarrest, a firm that helps government and private-sector clients protect their sites.
"I'd like to say we are ahead, but I just don't think it's true."
He said that, as well as growing in volume, attacks were becoming much more sophisticated in targeting the most vulnerable parts of websites, making even a small attack much more effective.
The aims of attackers include extortion, political activism, providing distraction from data theft and, for "hobbyist" hackers, just testing and showcasing their skills, security experts say.
Other victims in recent months have included the Federal Bureau of Investigation, Royal Bank of Scotland and several major U.S. banks, which analysts believe were targeted by Iran in response to sanctions. Iran denies the charge. (Reuters)