UK sites vulnerable to Microsoft-style attacks

British companies have little legal protection against denial-of-service attacks on their Web sites of the type launched against...

British companies have little legal protection against denial-of-service attacks on their Web sites of the type launched against Microsoft yesterday.

Will Garside

The claim has been made by consultant Dai Davis of law firm Nabarro Nathanson, following the news that Microsoft has called in the FBI after access to its Web site was blocked for the second time this week.

Davis said, "The Computer Misuse Act of 1990 states that any unauthorised accessing of a computer can potentially result in six months in prison. But the fact that the law is so badly drafted means that any protection under law for a denial-of-service attack like the Microsoft incident is nigh on impossible to enforce."

In North America, the authorities have taken legal action against teenage hackers accused of causing Web site outages. However, British experts claim that even the best protection will not prevent some denial-of-service attacks working.

Scott Blake of security firm Bindview said, "The lesson to take on board is that if you have a public Web site this type of attack can always take place. Microsoft deflects a huge number of these attacks every day but eventually some will get through."

After a 22 and half hour outage on Wednesday, Microsoft Internet properties, including and, offered intermittent access for much of yesterday afternoon and evening.

Microsoft has admitted that the second outage this week was due to a denial-of-service attack by hackers against the domain name servers that route traffic to its Web site. The company claimed that the first outage earlier this week was due to a router configuration error by a technician - a position that was greeted with scepticism by analysts.

Microsoft says it has taken steps to ensure that its networks have improved protection from denial-of-service attacks and will be taking further steps in the days and weeks ahead.

The company has however been further criticised for locating all of its DNS servers on the same segment of its network, creating a single point of failure, by "domain health" specialist Men & Mice.

The company surveyed a random sample of 4,910 .com domain names yesterday and found that 38% of companies had made the same mistake as Microsoft, locating their DNS servers in the same place.

Director of surveys, Sjofn Agustdottir, said, "It is clear that a stunning number of companies have serious DNS configuration problems, which can lead to failure at any time. A single point of failure can go undetected for months which is simply a disaster waiting to happen."

Read more on Antivirus, firewall and IDS products