Web Extortion Attacks Still A Threat
Published: Friday, June 03, 2005 Online-Casinos.com
Payment company successfully fought off DDoS assault
The BBC carried a report this week which, whilst dating back to August 2004,
remains a timely reminder that website owners cannot relax their guard.
One evening last year Asif Malik, security director of the UK online payment
firm Nochex, received an email offering a stark choice - immediately send a wire
for $10,000 to a European bank account or face an attack on the company's servers.
It has become common practice for extortionists to target Internet firms and
threaten to cripple their websites with deluges of data unless they pay a ransom.
Not all the e-criminals are able to follow through on their threats but when
the Nochex site went down an hour later it was time to sit up and take notice.
The first thing Malik did was to contact his service provider Pipex, who confirmed
the site was being overwhelmed by a zombie attack - a typical modus operandi
used by extortionists who have armies of zombie computers. These frequently
consist of ordinary users' computers that are hijacked and remotely controlled
often without the owner even knowing. Usually the hijacking is achieved through
covertly infecting machines with a worm or virus delivered via mass emailing.
Playing for time, Malik opened communications with the crooks by offering to
send the money early the next day.
But for Mr Malik paying up was never an option. Instead it was a chance to see
whether technology could do battle with the e-criminals and beat them at their
own game.
In this particular case the criminals in question were part of a Russian gang,
already well known to the UK police but not yet within the grasp of the authorities.
With the cooperation of New Scotland Yard and international enforcement agencies,
the hi-tech battle was joined.
The solution, in this case, was a network product developed by the U.S. computer
company Cisco. Called Cisco Guard it has been created specifically to fight
DDoS attacks by sorting the legitimate traffic from traffic intent on attacking
servers.
"All of the traffic is diverted and we analyse the flow and identify aspects
of the flow that we believe to be malicious," explained Kevin Regan, a
security consultant with Cisco.
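The scrubbing approach Regan describes (divert the flow, pick out the malicious part, forward the rest) can be sketched in code. The following is an added illustration, not Cisco Guard's logic or anything from the article: a toy per-source classifier over constructed flow records in which a cluster of assumed zombie hosts sends nothing but half-open SYNs, while a real client that merely retried one handshake stays clean.

```python
"""Toy flow scrubber: aggregate per-source flow records and separate
legitimate clients from sources behaving like SYN-flood zombies."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str         # source address (constructed sample values)
    dst_port: int
    packets: int     # packets seen in this flow record
    half_open: bool  # SYN sent but the handshake never completed


# Constructed sample records: normal HTTPS clients complete handshakes and
# send modest packet counts; twenty assumed zombie hosts send only half-open SYNs.
SAMPLE_FLOWS = [
    Flow("198.51.100.10", 443, 120, False),
    Flow("198.51.100.10", 443, 80, False),
    Flow("198.51.100.23", 443, 45, False),
    Flow("198.51.100.23", 443, 30, True),   # one retry, still a real client
    Flow("198.51.100.77", 80, 60, False),
] + [Flow(f"203.0.113.{i}", 443, 400, True) for i in range(1, 21)]


def score_sources(flows, half_open_ratio=0.8, min_packets=200):
    """Return the set of sources that look like flood participants.

    A source is flagged only when BOTH its traffic is dominated by half-open
    connections AND it sent enough packets to matter, so a single retried
    handshake from a legitimate client is not enough to get it dropped."""
    pkts = defaultdict(int)
    half = defaultdict(int)
    for f in flows:
        pkts[f.src] += f.packets
        if f.half_open:
            half[f.src] += f.packets
    suspect = set()
    for src, total in pkts.items():
        if half[src] / total >= half_open_ratio and total >= min_packets:
            suspect.add(src)
    return suspect


def scrub(flows, suspect):
    """Forward flows from clean sources and drop the rest; returns (kept, dropped)."""
    kept = [f for f in flows if f.src not in suspect]
    dropped = [f for f in flows if f.src in suspect]
    return kept, dropped
```

The thresholds are assumptions for the sample data; a production scrubber would also rate-limit by aggregate volume rather than trusting per-source heuristics alone.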
Once it was installed, Mr Malik's attitude was one of "bring it on", confident
that the new armour that had been put around the network would remain impenetrable.
The attacks did come and have continued to come ever since, but so far the Nochex
system has remained online.
DDoS attacks have become a big problem for businesses in the last 12 months.
At one point in the autumn of last year Pipex was seeing as many as three to
five attacks each day, although that number has since slowed down.
Most of Pipex's high risk clients, categorised as gaming, gambling and payment
gateway sites, have had the Cisco equipment installed and the patterns of attacks
are becoming familiar to the backbone engineers.
"We have become veterans at it. Our guys have been doing it for 15 months
and we have become quite battle-scarred along the way," said a Cisco spokesman.
According to Regan, such attacks are getting more determined - lasting for days
or even weeks - and more and more zombie machines are being recruited into the
hijackers' armies.
According to the Honeynet Project, set up to create solutions to security problems,
there are over one million zombie computers. Britain has the largest zombie
PC population of anywhere in the world.
It has not been a cheap option for Nochex. In fact, with an initial cost of
GBP 20,000 and a further GBP 3,000 a month, it would have possibly been cheaper
to pay off the hijackers, at least initially.
But, as Malik says, "...who is to say the hijackers wouldn't have come
back next month and the month after?"
The nature of denial-of-service attacks...
* Average cost of mission critical services compromised $100,000 an hour
* Britain has largest zombie PC population in the world
* Over 1 million connected computers are zombies
* 30,000+ internet connected zombie networks in 2004
* Estimated 25 percent of all infected PCs are under control of hackers
* Broadband responsible for 93 percent increase in infected PCs in 2004
* 11 percent of small to medium sized businesses suffered DDoS attacks in the
last 12 months