Feeds

New hack attack is greater threat than imagined

And it may be only a warm-up

  • alert
  • submit to reddit

Top 10 endpoint backup mistakes

It was news a month ago; days later it vanished. The mainstream press may have forgotten it, but security specialists gathered in California last week for the sixth RSA Conference to consider the growing trend in malicious computer assaults called distributed denial of service (DDoS) attacks. Using tools called trin00 and tribe flood network (TFN), intruders can commandeer hundreds, possibly thousands, of separate, unsuspecting clients to launch a flood which can bring a network down in a torrent of packets all appearing to come from different sources, making it impossible to identify the origin. Dealing with this sort of assault can be maddening for the primary victim. The clients from which the attack is launched are themselves intermediate victims who rarely know that their systems have been compromised. They are in diverse locations around the world, administered by people who speak different languages, making it nearly impossible for one victim to explain to another how to cope with the threat. Security experts are not optimistic. The tools do not require an intruder to gain root access to a system, but can be uploaded via a number of simpler exploits, many of which can be scripted to run automatically, and even multi-threaded to run very, very fast. Finding weak systems to use as clients for a distributed attack is neither difficult nor prohibitively time consuming. More ominously, DSL and cable modems, which remain connected around the clock, make it possible to launch attacks through the growing number of private Linux boxes now online. "We've already seen these attacks coming through Linux boxes," ISCA Director of Research Services David Kennedy told The Register. "And there's no reason why it can't be ported to the Win-32 [operating system]," he added. To further complicate matters, merely killing the process during a distributed flood attack is not adequate to end it. So long as the hundreds of clients remain infected, an attack can be resumed, Kennedy says. We note that communicating with the owners and administrators of hundreds of compromised clients, and gaining their cooperation, would be virtually impossible. The victim is, for all practical purposes, at the mercy of the attacker. The FBI's National Infrastructure Protection Center (NIPC) has developed an application to detect the malicious tools, though the first indication that they've been installed will usually be a phone call from a frantic sysadmin trying desperately to block the onslaught of packet traffic. We say 'phone call' because a distributed attack capitalises on so much bandwidth from so many sources that it literally overwhelms entire networks. Under those circumstances, e-mail is hardly going to work. An ISP can turn off the attack, provided its administrators are well enough acquainted with the problem; but there again, nothing can stop an attacker from firing up his hundreds of compromised clients hours or days later if he chooses. It gets worse; most of the more obvious defences are problematic. For example, a firewall configured to catch a distributed flood attack would also interrupt such utility functions as ping and traceroute, which are commonly used by administrators and power users, Kennedy noted. The tools are in constant development within the hacker underground; new and better versions are released regularly. Most worrying is a shift to scripted attacks which allow unsophisticated users, such as bored teenagers, half-assed hacker wannabes and clueless script kiddies to launch them. The tools are getting more powerful, slicker and easier to use. Defences are not. Defences require the infected clients, not the end victims, to take action. Human nature being what it is, we reckon the end victims are pretty well on their own. The NIPC offers an unsettling insight: "Possible motives for this malicious activity include....preparation for widespread denial of service attacks." We wonder what "widespread" means here. If one malicious hacker can exploit hundreds of clients worldwide and retain them for repeated abuse, what might a hundred accomplish? And what effect might that have? Could enough bandwidth be gobbled up to crash large portions of the Net? Could ISPs be overwhelmed for hours, even days? Could infrastructure be at risk? The NIPC refuses to say, but our imaginations are very much stimulated by the possibilities. And we reckon yours ought to be as well. ®

A new approach to endpoint data protection

More from The Register

next story
Amazon says Hachette should lower ebook prices, pay authors more
Oh yeah ... and a 30% cut for Amazon to seal the deal
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
Nintend-OH NO! Sorry, Mario – your profits are in another castle
Red-hatted mascot, red-colored logo, red-stained finance books
Sonos AXES support for Apple's iOS4 and 5
Want to use your iThing? You can't - it's too old
Joe Average isn't worth $10 a year to Mark Zuckerberg
The Social Network deflates the PC resurgence with mobile-only usage prediction
Feel free to BONK on the TUBE, says Transport for London
Plus: Almost NOBODY uses pay-by-bonk on buses - Visa
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?