There is a high probability that the US is being targeted for
distributed denial of service attacks by cyberprotestors, according
to a warning issued on 2 November by the National Infrastructure
Protection Center (NIPC), the FBI's cybersecurity arm.
Denial of service (DoS) attacks are those in which a target
computer system is flooded with false requests for information to
the point that it is unable to respond to legitimate requests, so
it denies them service. Distributed denial of service (DDoS)
attacks use multiple computers worldwide to launch their attacks
and are harder to combat.
DDoS attacks knocked high-profile sites such as Amazon, Yahoo, and
eBay offline over the course of a week in February 2000.
Online protests, both for and against the US, have been frequent
since September 11, but have largely been limited to Web site
defacements, the NIPC said. Although the DDoS activity that has
gone on so far has been minimal, and mostly limited to attacks
between protest groups, protestors have indicated that US
infrastructure will be a target, the NIPC said. But it also said
that businesses and organisations unrelated to the September 11
attacks could be targets.
The NIPC cautioned organisations to "take a defensive posture and
remain vigilant". The centre also referred systems administrators
to a list of best security practices offered by the
government-funded security research body CERT/CC.
One company that tracks DoS and DDoS activity, SecurityFocus, has
not seen much evidence that such an attack is imminent.
SecurityFocus monitors corporate networks in more than 138
countries to determine and predict attack trends and
patterns.
Although SecurityFocus had detected a 3% rise in the rate of
communication between master computers that would control DDoS
attacks and the systems used to launch the attacks, this is not a
significant increase, said Arthur Wong, the company's chief
executive. The master computers are ostensibly operated by hackers
and would use systems called zombies to launch the attacks.
The cyberprotest groups mentioned by the NIPC have been active, but
their activities have so far been small scale, Wong said. "Since
September, there hasn't been a lot of significant [attack]
traffic," he said. This may signal that people are beginning to be
more reluctant to launch frivolous attacks, although at the same
time Wong cautioned that this means that "when you do get attacks,
they're going to be more serious".
Even if attacks are not an immediate threat, organisations should
heed the NIPC's advice and take steps to better secure their
systems, Wong said.
Further information
The best security practices from CERT are available at
www.cert.org/security-improvement/