Lindsay ClarkThe City of London is bracing itself for a wave of hacking
attacks to be launched next week as part of the May Day
anti-capitalist protests.
Jittery IT directors in financial services firms did not want to
talk openly about their security plans, but many are worried that
their corporate and e-business systems will be subjected to denial
of service attacks.
This form of attack makes a Web site unavailable by bombarding
it with electronic requests.
The attack involves hackers using up to tens of thousands of
surrogate servers to attack a single site, said DK Matai, managing
director of mi2g software.
Matai said denial of service attacks were proven in their
capacity to disable systems and would be the favoured method for
hackers during next week's expected anti-capitalist attacks.
Amazon and Yahoo!'s Web sites were crippled by such attacks
earlier this year.
He said, "What we may see is thousands of servers targeting
specific Web sites. With these attacks, protesters get the maximum
impact for the time they spend creating malevolent code."
A denial of service attack can be launched with basic software
tools available on the Web and the hackers do not need to have any
specific knowledge of the victim's systems, aside from the Web
address.
Mass attacks are almost impossible to defend against. Although
filtering software is available to counteract the attacks, the
software used by hackers to launch attacks is becoming more
sophisticated, allowing the type of message to morph during attack,
bypassing filters.
Security expert Peter Sommer, who is a government special
adviser on e-commerce, said the only way businesses could protect
themselves was through a massive investment in Web site
bandwidth.
He warned that other organisations likely to be targeted by
protestors would be those that might be construed to be engaged in
unethical business practices.
Senior security architect at city security specialist
Information Risk Management Richard Stagg said that IRM's clients
in the financial and banking sector were expecting hacking attacks
in conjunction with the protests.
British Bankers Association spokesman Brian Capon played down
the risk of hacking during the May Day protests. "We cannot rule
anything out. Banks are hugely security conscious anyway, but
measures are being stepped up."
Recent history of hacking
| 1996 | Hackers bring down Web
Communications, which hosts 3,000 Web sites, with SYN flood attacks
- a massive flow of connection requests likened to children
knocking on a door and running away |
| 1997 | Hackers break into
Yahoo! and threaten massive destruction if their demands are not
met |
| 1998 | US Justice Department
brings the first federal charges against a hacker - a youth who
crashed air traffic control and emergency services systems in
Massachussetts |
| 2000 | Denial of service
attacks bring down Web pioeers Yahoo!, eBay and
Amazon.com |