Feeds

New hack attack is greater threat than imagined

And it may be only a warm-up

  • alert
  • submit to reddit

Security for virtualized datacentres

It was news a month ago; days later it vanished. The mainstream press may have forgotten it, but security specialists gathered in California last week for the sixth RSA Conference to consider the growing trend in malicious computer assaults called distributed denial of service (DDoS) attacks. Using tools called trin00 and tribe flood network (TFN), intruders can commandeer hundreds, possibly thousands, of separate, unsuspecting clients to launch a flood which can bring a network down in a torrent of packets all appearing to come from different sources, making it impossible to identify the origin. Dealing with this sort of assault can be maddening for the primary victim. The clients from which the attack is launched are themselves intermediate victims who rarely know that their systems have been compromised. They are in diverse locations around the world, administered by people who speak different languages, making it nearly impossible for one victim to explain to another how to cope with the threat. Security experts are not optimistic. The tools do not require an intruder to gain root access to a system, but can be uploaded via a number of simpler exploits, many of which can be scripted to run automatically, and even multi-threaded to run very, very fast. Finding weak systems to use as clients for a distributed attack is neither difficult nor prohibitively time consuming. More ominously, DSL and cable modems, which remain connected around the clock, make it possible to launch attacks through the growing number of private Linux boxes now online. "We've already seen these attacks coming through Linux boxes," ISCA Director of Research Services David Kennedy told The Register. "And there's no reason why it can't be ported to the Win-32 [operating system]," he added. To further complicate matters, merely killing the process during a distributed flood attack is not adequate to end it. So long as the hundreds of clients remain infected, an attack can be resumed, Kennedy says. We note that communicating with the owners and administrators of hundreds of compromised clients, and gaining their cooperation, would be virtually impossible. The victim is, for all practical purposes, at the mercy of the attacker. The FBI's National Infrastructure Protection Center (NIPC) has developed an application to detect the malicious tools, though the first indication that they've been installed will usually be a phone call from a frantic sysadmin trying desperately to block the onslaught of packet traffic. We say 'phone call' because a distributed attack capitalises on so much bandwidth from so many sources that it literally overwhelms entire networks. Under those circumstances, e-mail is hardly going to work. An ISP can turn off the attack, provided its administrators are well enough acquainted with the problem; but there again, nothing can stop an attacker from firing up his hundreds of compromised clients hours or days later if he chooses. It gets worse; most of the more obvious defences are problematic. For example, a firewall configured to catch a distributed flood attack would also interrupt such utility functions as ping and traceroute, which are commonly used by administrators and power users, Kennedy noted. The tools are in constant development within the hacker underground; new and better versions are released regularly. Most worrying is a shift to scripted attacks which allow unsophisticated users, such as bored teenagers, half-assed hacker wannabes and clueless script kiddies to launch them. The tools are getting more powerful, slicker and easier to use. Defences are not. Defences require the infected clients, not the end victims, to take action. Human nature being what it is, we reckon the end victims are pretty well on their own. The NIPC offers an unsettling insight: "Possible motives for this malicious activity include....preparation for widespread denial of service attacks." We wonder what "widespread" means here. If one malicious hacker can exploit hundreds of clients worldwide and retain them for repeated abuse, what might a hundred accomplish? And what effect might that have? Could enough bandwidth be gobbled up to crash large portions of the Net? Could ISPs be overwhelmed for hours, even days? Could infrastructure be at risk? The NIPC refuses to say, but our imaginations are very much stimulated by the possibilities. And we reckon yours ought to be as well. ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.