Recent attacks on companies like Yahoo! and Amazon.com have raised
fears that no-one is safe from hackers, but how much damage can
they really do?
These are troubling times for the emerging dot com industry. While share prices of any publicly floated internet business have gone through the roof as investors look to the future, all is not rosy in the virtual garden of IT. Many industry observers and analysts are predicting that the Internet bubble will soon burst when the city realises that not all Internet businesses will be as huge a success as initially predicted. Competition is increasing rapidly as many traditional bricks and mortar companies take the plunge into the online world to reap the benefits the Internet can bring.

But on top of all this, there is a constant threat from malicious elements who have taken it upon themselves to fight back against the continuing corporatisation of the web. And now it seems it is even easier for those that wish to wreak havoc to disrupt the running of a company's online operations.

Back in January, security vendor RSA hosted a conference in California. Many of the world's security specialists gathered together to discuss the latest threat to the Internet, DDoS (distributed denial of service) attacks. These denial of service attacks on companies' websites are nothing new; hackers have been trying to disrupt the service of the big corporations for years. What has changed is that tools which make it far easier to carry out these attacks have just started circulating in the hacker community. Programs like trin00, Tribal Flood Network and Stacheldraht (German for barbed wire) have made it simple for hackers with even the most basic of knowledge to bring down large companies' e-commerce sites.

The tools allow hackers to command hundreds or thousands of separate clients, which can then be used to attack a website with masses of junk data, slowing the site down immensely or even bringing it down altogether. Because the attack appears to come from hundreds of different sources, tracking down the perpetrator or perpetrators is also very difficult. The tools do not require the hacker to gain root access to any client's system, making the task neither difficult nor time-consuming. This also means that the clients being used to carry out the attack rarely know that anything is happening. Linux boxes attached to DSL and cable modems are seen as particularly vulnerable to being used as the hacker's puppets.

Stopping the attacks is also quite difficult. Due to the distributed nature of the attack, the website cannot solve the disruption by killing a process. As long as the clients are still being controlled by the hacker, the attack can be resumed. In fact, the only real way it can stop is if the infected clients realise what is happening and put a stop to it at their end. But this is not easy, and a hacker can always move on to other clients and restart an attack.

The most worrying evidence that came out of the conference was the ease with which the tools could be used. The scripted nature of the tools allows even the most unsophisticated of hackers to launch attacks anywhere in the world.

The security industry thrives on scare stories. The more people worry about the vulnerability of their businesses, the more security they want for their websites, and the more money the security industry makes from them. Barely a day goes by without one of the major anti-virus companies releasing a warning of yet another potentially dangerous virus that they have released protection for. So it is perhaps of little surprise that the warnings from the conference received little fanfare in the mainstream press. That soon changed a few weeks later when all hell broke loose on some of the biggest Internet sites around the world.

Early in February, Yahoo!, one of the biggest portal sites on the web, was taken down by a distributed denial of service attack. The site was out of service for several hours before it could finally be brought back online. Within the next couple of days, Amazon.com, CNN.com, Buy.com and eBay all suffered almost identical attacks with varying results.

Amazon.com managed to survive the assault, although its service was slowed down considerably. CNN.com, which was hit just before Amazon, was only able to provide content at sporadic intervals during the attack. Buy.com suffered an attack that brought its servers down for three hours. Auctioneer eBay was left with an incredibly slow site for some users and a completely inaccessible one for others.

These attacks caused a feeding frenzy in the media over concerns about the safety of websites across the globe. It was assumed that if sites such as Yahoo! and Amazon.com, which were pioneers of Internet-based business, could fall to these attacks then almost any site in the world was vulnerable.

The initial prognosis from the security experts was not good either. Jim Magdych, head of security at Network Associates' PGP Security unit, said: "At least one person or group of people has the ability to take down a site at any given time. If this is someone who has a large collection of sites waiting to attack, they could literally fire off one attack after another. They can probably take down pretty much any site on the Internet."

Comments like these were commonplace, with almost all analysts predicting the worst. What was a relief to most other businesses was that this seemed like a co-ordinated attack by a single person, or at most a single group of people. The attacks were focused on a small number of high profile e-companies over a short space of time. After that the attackers faded into the background once again.

Concerns for other e-commerce companies must also have been alleviated by the fact that these attacks are never more than troublesome, and at most may cause a period of downtime. At no point is the attacker privy to any sensitive information or customers' payment details. Security on Internet sites is so tight these days that proper breaches, where a hacker actually gains access to the network, are very rare. For most attackers this is the best they can do, and it is far less damaging than internal security breaches.

Nevertheless, these attacks can still be financially damaging. If a business relies heavily on transactions over the web, then downtime can cost a lot of money. So it was within a couple of days that the first prospective solutions to these denial of service attacks appeared.

Network Associates' response to the attacks was to offer its VirusScan product with the ability to detect and remove 'Zombie' code, the code which allows hackers to launch denial of service attacks from others' machines.

Vincent Gullotto, director of McAfee's anti-virus emergency response team, says: "It's important to note that the security problems that have emerged recently were not in the websites that went down, but in the multitude of servers which were unwitting participants in the effort to overwhelm them. The solution to the problem lies in taking back each computer that can add to a hacker's arsenal, by removing the DDoS agent that makes it dangerous."

This is an admirable stance, but convincing people to pay money to protect other companies' websites may be a little hard. McAfee is keen to point out the potential legal pitfalls of being unwittingly involved in a denial of service attack, but so far there have been no test cases on this subject.

Security is always a race between hackers and the security companies to get one step ahead of each other, and no sooner had the threat of the DDoS attacks subsided than Trend Micro was warning of an even more dangerous denial of service threat.

Troj_Trin00 is an altered version of one of the previously used tools, which allows access to Windows NT or 9x boxes that are connected to the Net via broadband access. Previously most attacks had been launched from vulnerable Unix or Linux boxes. The new variant allows hackers to access millions more clients than previously and also makes it much simpler to do. Trend claims that the Trojan has already been found roaming wild on the Internet, but so far no attack has resulted from its existence. It may, however, only be a matter of time before this changes.

In this day and age, it is almost impossible to protect yourself completely against malicious hackers. Better and better security measures can be implemented, but just as quickly, hackers will find ways around them. It is almost a relief that those wanting to hurt companies have resorted to denial of service attacks, where very little real damage can be done. There are very few hackers out there with the experience, guile or motivation to be able to break into a reasonably well protected network and gain confidential information. The recent spate of attacks on high profile companies has caused a lot of concern, but none of the companies involved are likely to suffer greatly as a result of the downtime caused by the attack. The Internet will never be 100 per cent secure, but with good vigilance it can be one of the safest places on earth to do business.
Paul Grant
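The article's central technical point is that a distributed flood looks different from an ordinary surge or a single abusive client: many sources, none dominant, so there is no single process or address a site operator can kill. The following is an added example, not part of the original article, of the kind of check a web operator could run over access logs to tell those cases apart. The log format, addresses and thresholds are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines in the form "<unix_seconds> <client_ip> <bytes>".
# Normal traffic: a handful of clients, one request per second.
# Floods: 300 extra requests landing in second 1001, either from one host
# or spread across 250 distinct agents as the DDoS tools in the article do.
NORMAL = [f"{1000 + i} 10.0.0.{i % 5 + 1} 512" for i in range(40)]
SINGLE_SOURCE = NORMAL + ["1001 192.0.2.7 64" for _ in range(300)]
DISTRIBUTED = NORMAL + [f"1001 198.51.100.{i % 250 + 1} 64" for i in range(300)]


@dataclass
class WindowStats:
    requests: int
    sources: int
    top_share: float  # fraction of requests sent by the busiest single source


def window_stats(lines, start, length):
    """Count requests and distinct sources with timestamps in [start, start+length)."""
    hits = Counter()
    for line in lines:
        ts, src, _ = line.split()
        if start <= int(ts) < start + length:
            hits[src] += 1
    total = sum(hits.values())
    top = max(hits.values()) if hits else 0
    return WindowStats(total, len(hits), top / total if total else 0.0)


def classify(stats, rate_limit=100, min_agents=50, single_share=0.5):
    """Map one window to a verdict; the thresholds are illustrative assumptions."""
    if stats.requests < rate_limit:
        return "normal"
    if stats.top_share >= single_share:
        return "single-source flood"  # one client dominates: can be blocked at the edge
    if stats.sources >= min_agents:
        return "distributed flood"  # many agents, none dominant: nothing local to kill
    return "elevated"


if __name__ == "__main__":
    for name, lines in [("normal", NORMAL), ("single", SINGLE_SOURCE), ("ddos", DISTRIBUTED)]:
        stats = window_stats(lines, 1001, 1)
        print(name, stats, classify(stats))
```

The "distributed flood" verdict is the case the article describes: the only effective remedy is upstream, on the agent hosts themselves, which is why the McAfee quote above puts the fix on the unwitting participants rather than the target.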