November 10, 2008

Web Attacks Increasing In Size And Power

Assailants set on closing down huge Web sites, even the operations that make up the backbone of the Internet, are setting themselves up with enormous digital fire hoses able to overpower the world's major networks.

In these assaults, computer networks are commandeered to create botnets that scatter haphazard bits of data in large streams across the Internet. The flood of information is supposed to close down Web sites and complete corporate networks.

Recognized as distributed denial of service, or DDOS, assaults, like cyberweapons, are regularly used in political and military clashes, like in Estonia in 2007 throughout a political brawl with Russia, and also in the Georgian-Russian conflict last year. These kinds of attacks are also used in blackmail attempts and political disagreements, in addition to all kinds of nasty misbehavior.

A study of the 70 biggest Internet operators in North America, South America, Europe and Asia discovered that malevolent attacks are increasing stridently and that separate attacks are growing more potent and complicated, according to the Worldwide Infrastructure Security Report.

This report is published yearly by Arbor Networks, a company located in Lexington, Massachusetts, and offers tools for observing network performance.

The investigation, released this Tuesday, indicates that the prime attacks have risen increasingly in size to over 40 gigabits, from less than half a megabit, in the last seven years. The principal network connections normally accessible today have 10 gigabits of data, implying that they can be beleaguered by the strong attackers.

The Arbor Networks investigators noted that a 40-gigabit attack occurred this year when two rival cybergangs began fighting over control of an online Ponzi plan.

"This was, initially, criminal-on-criminal crime though obviously the greatest damage was inflicted on the infrastructure used by the criminals," the network operator wrote.

The attack used a technique called reflective amplification, which permitted a diminutive number of assault computers to create a gigantic stream of data at a victim. The method used since 2006.

"We're definitely seeing more targeted attacks toward e-commerce sites," said Danny McPherson, chief security officer for Arbor Networks. "Most enterprises are connected to the Internet with a one-gigabit connection or less. Even a two-gigabit DDOS attack will take them offline."

Big network operators have attempted avoidance of the problem by structuring overload capacity into their networks, said Edward Amoroso, the chief security officer at AT&T. He compared the method to an oversized shock absorber, but noted that he is still worried about the escalating size of the attacks.

"We have a big shock absorber," he said. "It works, but it's not going to work if there's some Pearl Harbor event."

In general, the operators noted that they were becoming more competent in their responses to DDOS attacks due to enhanced partnership between service providers.

According to the Arbor Networks statement, the network operators indicate that the biggest botnets, which in some ways include millions of "zombie" computers, maintain "outpace containment efforts and infrastructure investment."

Regardless of a dramatic rise in the number of attacks, the percentage applied to law enforcement authorities decreased. The report indicated that 58 percent of the Internet service providers had seen no occurrences to law enforcement in the last year.


On the Net: