Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOp-Ed: Rent a denial of service attack — The new Internet plague

By Paul Wallis     Feb 9, 2012 in Internet
Sydney - Internet experts are baffled by a denial of service attack on a business called Money Management. The attack was made using a botnet having 4500 computers in Mexico and South America. The fact is that denial of service attacks are now buyable.
According to the Sydney Morning Herald:
CERT Australia - the national computer emergency response team, part of the Attorney-General's Department - was monitoring the soaring traffic live and contacted the company within an hour of the attack being launched. Craig says it identified a ''fairly new and aggressive bot called 'Dirt Jumper''' as the culprit.
''The predicament with this Dirt Jumper is that for $20, you can buy a two-hour attack on a site,'' Craig says. ''For $600, you can get a gigabit per second [attack] for a week. And for $10, they will do a test for you. We can see two spikes in our traffic over the past couple of weeks, and in hindsight…''
Or put more simply, you can throw an online tantrum and attack a website for a few bucks any time you feel like it. It's nice to know that the world's greatest ever communications medium can be compromised by few money-grubbing cretins, isn't it?
The DOS attacks are becoming quite fashionable, in a rather sick sort of way. Previously an Australian website ISP was completely obliterated by a denial of service attack in which 10 years’ worth of records were totally destroyed.
It's starting to look as if ISPs need built in shutdown and redirection routines to deal with these attacks. It also makes Cloud computing look like a progressively less viable option, unless effective countermeasures can be developed. The biggest single point of resistance against the cloud is profound scepticism about keeping cloud materials secure.
Money-management eventually sold the problem by switching to a different provider which specialises in dealing with denial of service attacks. The business is now back online, but the message is clear:
This is the new reality and yet another example of the simple fact that even the basic idea of instituting effective on-site countermeasures is truly dragging the chain. By rights, there should be procedures in place to instantly manage any denial of service attack as it occurs. Commercial websites are unacceptably vulnerable, and so are their users.
Denial of service attacks are becoming a global plague. It s about time somebody did something about...
Denial of service attacks are becoming a global plague. It's about time somebody did something about it.
What is truly nauseating about the situation is that yet another source of income for organised crime is obviously doing quite nicely, as usual. It's absurd that all this technology can't be used much more effectively to literally shut down such basic forms of attack at their source. Internet security needs to be ahead of the game, not perpetually playing catch up.
Botnets have been around for many years, and they can even be blocked manually. I've done it myself. Does anyone really believe that massive servers can do the same thing in about a quarter of a second? There is a credibility issue here, and ISPs would be well advised to take a good look at it.
There is a lack of transparency in all these time-honored responses to a well-known problem. The methods of attack are predictable, and in this case very well known. There aren't really any excuses. Anyone with basic programming knowledge could suggest endless different ways of counteracting these attacks.
Botnet analysis and identification is an area which obviously needs development. Millions of computers around the world are known to be compromised. In most cases the computer users don't even know that their computers are affected. Yet during a denial of service attack even made basic administration board can find IP addresses.
Some questions –
Is anyone it seriously expected to believe that this information is really that hard to find?
Do users have a right to know if their computers are compromised?
Could the biggest class actions in global history be just around the corner if computer users find grounds to sue as a result of their computers becoming infected by using an ISP?
Not that anyone is actually expecting many sudden outbreaks of honesty or admissions of liability for anything, but it's an interesting thought isn't it?
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com
More about Internet security, denial of service attacks, ISP security, Money management, commercial site vulnerabilities
 
Latest News
Top News