DDoS Attacks Are Back and Bigger Than Before

DDoS Attacks Are Back and Bigger Than Before

Distributed denial-of-service (DDoS) attacks are certainly nothing new. Companies have suffered the scourge since the beginning of the digital age. But DDoS seems to be finding its way back into headlines in the past six months, in thanks to some high-profile targets and, experts say, two important changes in the nature of the attacks.

The targets are basically the same -- private companies and government websites. The motive is typically something like extortion or to disrupt the operations of a competing company or an unpopular government. But the ferocity and depth of the attacks have snowballed, thanks in large part to the proliferation of botnets and a shift from targeting ISP connections to aiming legitimate-looking requests at servers themselves.

In fact, said Andy Ellis, CSO of Cambridge, Mass.-based Akamai Technologies (AKAM), the botnets launching many of today's DDoS attacks are so vast that those controlling them probably lost track of how many hijacked machines they control a long time ago. (Listen to the full interview with Ellis in The Long, Strange Evolution of DDoS Attacks.)

Ellis has been watching the trend from a pretty good vantage point. Many people use Akamai services without even realizing it. The company runs a global platform with thousands of servers customers rely on to do business online. The company currently handles tens of billions of daily Web interactions for such companies as Audi, NBC, and Fujitsu, and organizations like the U.S. Department of Defense and NASDAQ. There's rarely a moment -- if at all -- when an Akamai customer IS NOT under the DDoS gun.

"We see a lot less of the fire-and-forget malware-based attacks designed to bog down the machines that were infected," Ellis said, referring to old-school worm attacks like Blaster, Mydoom and Code Red. "Now the malware is used to hijack machines for botnets and the botnets themselves are used as the weapon."

In the last year, Akamai has seen some of the largest DDoS attacks in recent memory, which Ellis described as "huge attacks of more than 120 gigabytes per second." If you are on the receiving end of that much punch, Ellis said, "It's not a pleasant place to be."

McAfee report: Cybercrime is the new cyberwar zone

Organised Internet-based crime has reached such intensity and scale that the distinction between cybercrime and cyberwar is being blurred, security giant McAfee said in its annual Virtual Criminology Report.

McAfee Inc., based in Santa Clara, Calif., is the world's largest dedicated security technology company. The report's findings come less than a month after the United States ran a nationwide campaign to raise awareness of cybercrime risks among individuals and businesses.

"Is the age of cyberwar at hand?" McAfee asked in the report, citing evidence that countries hostile to industrial democracies are involved in some of the more serious and sustained cybercrime. In response, McAfee said, "nation-states are arming themselves for the cyberspace battlefield."

The number of reports of cyberattacks and network infiltrations that appear to be linked to nation-states and political goals continues to increase, McAfee said.

"There is active debate as to when a cyberattack reaches the threshold of damage and disruption to warrant being categorized as cyberwarfare," said the report.

"With critical infrastructure as likely targets of cyberattacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire," the report warned.

McAfee CEO Dave DeWalt said, "Experts disagree about the use of the term 'cyberwar,' and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime.

"We have also seen evidence that nations around the world are ramping up their capabilities in cyberspace, in what some have referred to as a cyber arms race.

"If cyberspace becomes the next battleground, what are the implications for the global economy and vital citizen services that rely upon the information infrastructure?" DeWalt asked. "What should those of us outside the military do to prepare for the next wave of cyberattacks?"

McAfee believes the private sector at large needs to prepare for cyberattacks, and "those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share."

McAfee also called for greater transparency in current discussions on combating cybercrime. The report said, "Too much of the debate on policies related to cyberwar is happening behind closed doors."

Analysts said although the Obama administration rectified this by bringing the cybercrime debate into the open, many other countries in the industrialized world still insist on confidentiality over the issue.

Industry sources believe criminal organizations have built alliances with adversarial governments that seek to achieve military or political advantage over democracies in the West, Asia, Latin America and elsewhere.

So intense is the interaction between cybercriminality and hostile governments that the distinction between cybercrime and cyberwar is increasingly blurred.

"The line between cybercrime and cyberwar is blurred today in large part because some nation-states see criminal organizations as useful allies. Nation-states have demonstrated that they are willing to tolerate, encourage or event direct criminal organizations and private citizens to attack enemy targets."

In the case of the cyberattacks on Georgia, for example, civilians carried out the cyberattacks on targets while the Russian military invaded Georgia by land and air in August 2008. There is evidence that these civilians were aided and supported by Russian organized crime, as cited in a report by the U.S. Cyber Consequences Unit, an independent research institute.

Russia denied that its government or military provided any help to the attackers or communicated with them. Yet the same US-CCU report found that "the cyberattacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyberattackers," McAfee said.

In a sobering conclusion, McAfee said, "While experts may disagree on the definition of cyberwar, there is significant evidence that nations around the world are developing, testing and in some cases using or encouraging cyber means as a method of obtaining political gain."

Although much of that activity is shrouded in secrecy, "there is already a constant, low level of conflict occurring in cyberspace. Whether these attacks are labeled as cyber espionage, cyber activism, cyber conflict or cyberwar, they represent emerging threats in cyberspace that exist outside the realm of cybercrime."

The report said "international cyber conflict has reached the tipping point where it is no longer just a theory, but a significant threat that nations are already wrestling with behind closed doors. The impact of a cyberwar is almost certain to extend far beyond military networks and touch the globally connected information and communications technology infrastructure upon which so many facets of modern society rely.

"With so much at stake, it is time to open the debate on the many issues surrounding cyber warfare to the global community," said the report.

China: Ramps up Cyberwar against USA

A US government report warned Thursday that China is sharply stepping up espionage against the United States as the rising Asian power invests in cyber warfare and grows more sophisticated in recruiting spies.

"China is changing the way that espionage is being done," said Carolyn Bartholomew, the chair of the US-China Economic and Security Review Commission.

In its wide-ranging annual report to Congress, the commission reported a steep rise in the disruption and infiltration of websites of the US government and perceived Beijing rivals such as Tibet's exiled leader the Dalai Lama.

Colonel Gary McAlum, a senior military officer, told the commission the US Defense Department detected 54,640 malicious cyber incidents to its systems in 2008, a 20 percent rise from a year earlier. The figure is on track to jump another 60 percent this year.

While the attacks came from around the world, the commission said China was the largest culprit. Some Chinese "patriotic hackers" may not receive official support, but the report said the government likely planned to deploy them in a conflict to disrupt a foreign adversary's computers.

The bipartisan commission found that China was the most aggressive nation in spying on the United States and was trying to recruit more American spies.

While China historically tried to tap Chinese Americans -- believing, often incorrectly, that they would be sympathetic -- it was now turning to the Soviet model of seeking to bribe informants with cash and gifts, the report said.

It said the Chinese were expanding "false flag" operations, in which sources are deceived into thinking they are providing information elsewhere.

It pointed to the case of Tai Shen Kuo, a furniture salesman in New Orleans arrested last year after persuading two retired US military officials to give sensitive information by telling them it was headed to Taiwan, not mainland China.

The commission also found that China has launched an effort to influence US think-tanks and academia by rewarding scholars with access and depriving visas to more critical voices.

"It becomes self-censorship. If you're in graduate school and want to become a China scholar, you need to go to China. And if you criticize the Chinese government on certain things, you won't get in," said Bartholomew, a former top aide to House Speaker Nancy Pelosi.

"What it means is that we have a generation of China analysts who are being created who don't necessarily have the freedom or the ability to think through a broader range of questions," she said.

The commission also criticized China on its trade policy, recommending that the United States press Beijing to make its yuan more flexible and to turn to the World Trade Organization to fight what it termed predatory trade practices.

Shortly after the release of the report, two lawmakers called for an investigation into China's "currency manipulation," which would set the stage for slapping import duties on Chinese goods.

President Barack Obama this week paid his first visit to China, which is now the top holder of the ballooning US debt. His administration has sought cooperation with China on battling the global slowdown.

The commission paid a field trip to Rochester in upstate New York, where it said core industries such as machine tools, auto parts and optoelectronics were struggling against Chinese competition that often enjoys state support.

"For 20 years we have watched China policy be controlled really by a handful of large multinational corporations. They're the ones who determine the interests," Bartholomew said.

"But there are a lot of constituency interests out there -- particularly small and medium-sized enterprises -- that are being hurt by the current US-China policy," she said.

Separately, the report recommended that the United States "continue to work with Taiwan to modernize its armed forces," saying China was rapidly expanding its military advantage despite easing tensions with the island.

The Obama administration has yet to decide on Taiwan's requests to buy arms, including F-16 jet fighters. Such a step would almost certainly anger China, which considers the island its territory.