New hack attack is greater threat than imagined

And it may be only a warm-up


It was news a month ago; days later it vanished. The mainstream press may have forgotten it, but security specialists gathered in California last week for the sixth RSA Conference to consider the growing trend in malicious computer assaults called distributed denial of service (DDoS) attacks.

Using tools called trin00 and Tribe Flood Network (TFN), an intruder can commandeer hundreds, possibly thousands, of separate, unsuspecting hosts (call them clients) and order all of them to flood a target at once. The torrent of packets appears to come from hundreds of different sources, so there is no single origin for the victim to identify and block.

Dealing with this sort of assault is maddening for the primary victim. The clients from which the attack is launched are themselves intermediate victims, and their owners rarely know that the systems have been compromised. They are scattered around the world and administered by people who speak different languages, which makes it nearly impossible for one victim to explain to another how to cope with the threat.

Security experts are not optimistic. The tools do not require an intruder to gain root access to a system: they can be uploaded via a number of simpler exploits, many of which can be scripted to run automatically, and even multi-threaded to run very, very fast. Finding weak systems to use as clients for a distributed attack is neither difficult nor prohibitively time consuming. More ominously, DSL and cable modems, which remain connected around the clock, make it possible to launch attacks through the growing number of private Linux boxes now online.

"We've already seen these attacks coming through Linux boxes," ICSA Director of Research Services David Kennedy told The Register. "And there's no reason why it can't be ported to the Win-32 [operating system]," he added.

To further complicate matters, merely killing the flood process on a client during an attack is not adequate to end it. So long as the hundreds of clients remain infected, an attack can be resumed, Kennedy says. We note that communicating with the owners and administrators of hundreds of compromised clients, and gaining their cooperation, would be virtually impossible. The victim is, for all practical purposes, at the mercy of the attacker.

The FBI's National Infrastructure Protection Center (NIPC) has developed an application to detect the malicious tools, though the first indication that they have been installed will usually be a phone call from a frantic sysadmin trying desperately to block the onslaught of packet traffic. We say "phone call" because a distributed attack consumes so much bandwidth from so many sources that it literally overwhelms entire networks; under those circumstances, e-mail is hardly going to work. An ISP can block the flood upstream, provided its administrators are well enough acquainted with the problem; but there again, nothing stops an attacker from firing up his hundreds of compromised clients hours or days later if he chooses.

It gets worse: most of the more obvious defences are problematic. For example, a firewall configured to catch a distributed flood attack would also interrupt utilities such as ping and traceroute, which administrators and power users rely on, Kennedy noted. The tools are in constant development within the hacker underground, and new and better versions are released regularly. Most worrying is a shift to scripted attacks which allow unsophisticated users, such as bored teenagers, half-assed hacker wannabes and clueless script kiddies, to launch them. The tools are getting more powerful, slicker and easier to use. Defences are not. Defences require the infected clients, not the end victims, to take action. Human nature being what it is, we reckon the end victims are pretty well on their own.
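What the detection side of Kennedy's picture looks like in practice, as an added example written for this page rather than code from the article, from the NIPC or from the tools' authors. It triages a packet trace for the handler-to-agent chatter that betrays trin00 and TFN before any flood starts, flags a flood by the article's own signature (a torrent toward one destination from many sources), and then shows the alternative to the blanket ICMP block Kennedy warns about: a per-destination token bucket that lets ping and traceroute through at a sane rate and drops only the excess. Everything it relies on is an assumption the article does not supply: the trin00 default ports (attacker to master TCP 27665, master to daemon UDP 27444, daemon to master UDP 31335) come from the published analyses of the tool and can be changed by anyone who recompiles it; TFN's use of ICMP echo replies as its control channel is likewise from those analyses; the thresholds, bucket sizes and the packet trace are all constructed for illustration.

```python
"""Added example (not from the article, NIPC or the tool authors): triage a
packet trace for trin00/TFN control traffic and flood traffic, then rate-limit
ICMP per destination instead of dropping it wholesale.

Assumptions, none of which come from the article:
  * trin00 default ports, from the published analyses of the tool; anyone who
    recompiles it can change them, so a clean scan proves nothing;
  * TFN drives its daemons with ICMP echo *replies*, so a reply that answers
    no request we saw is worth a look;
  * thresholds, bucket sizes and the trace in sample_trace() are made up.
"""
from collections import defaultdict
from dataclasses import dataclass

TRIN00_PORTS = {("tcp", 27665), ("udp", 27444), ("udp", 31335)}


@dataclass(frozen=True)
class Pkt:
    t: float              # seconds since the start of the trace
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # tcp/udp destination port
    icmp_type: int = -1   # 8 = echo request, 0 = echo reply


def control_channel_hits(pkts):
    """Trin00 default-port traffic and unsolicited ICMP echo replies."""
    hits, requests = [], set()          # requests: (requester, target) seen so far
    for p in sorted(pkts, key=lambda q: q.t):
        if (p.proto, p.dport) in TRIN00_PORTS:
            hits.append((p.src, p.dst, f"trin00 default port {p.proto}/{p.dport}"))
        elif p.proto == "icmp" and p.icmp_type == 8:
            requests.add((p.src, p.dst))
        elif p.proto == "icmp" and p.icmp_type == 0 and (p.dst, p.src) not in requests:
            hits.append((p.src, p.dst, "unsolicited icmp echo reply (TFN-style control?)"))
    return hits


def flood_targets(pkts, window=1.0, min_pps=200, min_sources=20):
    """Destinations receiving >= min_pps*window packets inside one window from
    >= min_sources distinct sources.  Returns {dst: distinct sources seen}."""
    by_dst = defaultdict(list)
    for p in pkts:
        by_dst[p.dst].append(p)
    flagged = {}
    for dst, ps in by_dst.items():
        ps.sort(key=lambda q: q.t)
        lo = 0
        for hi in range(len(ps)):
            while ps[hi].t - ps[lo].t > window:      # slide the window forward
                lo += 1
            if hi - lo + 1 >= min_pps * window:
                srcs = {q.src for q in ps[lo:hi + 1]}
                if len(srcs) >= min_sources:
                    flagged[dst] = len(srcs)
                    break
    return flagged


class IcmpLimiter:
    """Per-destination token bucket: `rate` tokens/s, at most `burst` saved up.
    Non-ICMP traffic is passed untouched; this only stands in for the ICMP
    part of a firewall policy."""
    def __init__(self, rate=10.0, burst=20.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = {}, {}

    def allow(self, p):
        if p.proto != "icmp":
            return True
        last = self.last.get(p.dst, p.t)
        tokens = min(self.burst, self.tokens.get(p.dst, self.burst) + (p.t - last) * self.rate)
        self.last[p.dst] = p.t
        if tokens >= 1:
            self.tokens[p.dst] = tokens - 1
            return True
        self.tokens[p.dst] = tokens
        return False


def icmp_pass_counts(pkts, rate=10.0, burst=20.0):
    """Run the limiter over the trace; returns {dst: [passed, total]} for ICMP."""
    lim, counts = IcmpLimiter(rate, burst), defaultdict(lambda: [0, 0])
    for p in sorted(pkts, key=lambda q: q.t):
        if p.proto == "icmp":
            counts[p.dst][1] += 1
            counts[p.dst][0] += lim.allow(p)
    return dict(counts)


def sample_trace():
    """Constructed trace: an admin pinging a router once a second, a trin00
    master exchanging datagrams with a daemon, one unsolicited echo reply, and
    500 echo requests in one second from 100 sources aimed at a single victim."""
    pkts = []
    for i in range(5):
        pkts.append(Pkt(float(i), "icmp", "10.0.0.5", "10.0.0.1", icmp_type=8))
        pkts.append(Pkt(i + 0.01, "icmp", "10.0.0.1", "10.0.0.5", icmp_type=0))
    pkts.append(Pkt(2.5, "udp", "192.0.2.10", "198.51.100.7", dport=27444))
    pkts.append(Pkt(2.6, "udp", "198.51.100.7", "192.0.2.10", dport=31335))
    pkts.append(Pkt(3.0, "icmp", "192.0.2.10", "198.51.100.8", icmp_type=0))
    for i in range(500):
        pkts.append(Pkt(4.0 + i / 500, "icmp", f"203.0.113.{i % 100}", "198.51.100.20", icmp_type=8))
    return pkts


if __name__ == "__main__":
    trace = sample_trace()
    for hit in control_channel_hits(trace):
        print("control:", *hit)
    print("flood targets:", flood_targets(trace))
    print("icmp passed/total by destination:", icmp_pass_counts(trace))
```

On the constructed trace the script reports the two trin00 datagrams and the unsolicited echo reply as control traffic, flags the victim as a flood target with 100 distinct sources, passes every one of the admin's pings to the router, and lets roughly 30 of the 500 flood packets through to the victim. That last figure is the point: rate limiting ICMP degrades the flood without switching off ping and traceroute for everyone behind the firewall, which is what a flat "drop all ICMP" rule does. Two caveats match the article's pessimism. The port and ICMP-reply checks only catch default builds of the tools, and anyone who runs this over a live capture during a flood will find, as the article says, that the flood has already saturated the link by the time it is noticed.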
The NIPC offers an unsettling insight: "Possible motives for this malicious activity include ... preparation for widespread denial of service attacks." We wonder what "widespread" means here. If one malicious hacker can exploit hundreds of clients worldwide and retain them for repeated abuse, what might a hundred accomplish? And what effect might that have? Could enough bandwidth be gobbled up to crash large portions of the Net? Could ISPs be overwhelmed for hours, even days? Could infrastructure be at risk? The NIPC refuses to say, but our imaginations are very much stimulated by the possibilities. And we reckon yours ought to be as well. ®
