Web warning centre in net attack

By BBC News Online technology correspondent Mark Ward

The net's warning centre that alerts people to the activities of malicious hackers has itself been attacked.

Since Tuesday, the Computer Emergency Response Team (Cert) has been battling to keep its website alive in the face of a flood of bogus data requests.

The attack comes as the FBI warns that these types of attacks, known as denial-of-service attacks, look likely to become more prevalent.

A recent study of denial-of-service attacks found that over 4,000 per week are being mounted.

Data deluge

Since 22 May, Cert, the US Government-funded early warning centre based at Carnegie Mellon University, has been struggling to keep people informed about potential security weaknesses because it has been the subject of a series of attacks by unknown crackers.

The web resources of Cert have been unavailable because the servers hosting its website have been flooded with bogus data requests in a concerted distributed denial-of-service attack.

Minor denial-of-service attacks are frequently being used in personal vendettas

Geoff Voelker, security researcher

The floods of data have been sent by machines around the web compromised by malicious hackers who have implanted a program that endlessly fires off the data requests.

Often, it is hard to find out just where the attacks are coming from because the data requests contain bogus addresses.

Denial-of-service attacks come in many different forms, but Cert is suffering the most common form of barrage.

Experts said that the attack looked like it had been planned and carefully carried out to have kept Cert offline for so long. Typically, web servers recover or stop a denial-of-service attack after a few hours.

As a centre of excellence for web security, the Cert lab is a common target for crackers looking to prove their skill.

A notice on the Cert site reads: "We are taking steps to make services available, and we are in touch with various organizations, including ISPs, to help us investigate and resolve the attack".

Denial research

Cert is not alone in being attacked in this way. In early May, academics at the University of San Diego Super Computer Center released research which showed just how prevalent the denial-of-service attacks have become.

The researchers looked at the worldwide pattern of denial-of-service attacks over three separate weeks and found that in total 12,000 attacks were launched against 5,000 machines.

Targets for the attacks ranged from Amazon to net service providers and even the home PCs of some unlucky web users. In the biggest attacks, machines were being flooded with over 600,000 message packets per second.

In most cases, 65%, victims were only attacked once, and by far the majority, 95% were attacked less than five times. One poor machine was attacked 102 times during one week.

Geoff Voelker, one of the research team carrying out the survey, said the group was surprised at the number of attacks directed at home users.

"Some of these attacks - especially those against cable modem users - can be pretty severe, with rates in the thousands of packets per second," said Mr Voelker. "This suggests that minor denial-of-service attacks are frequently being used in personal vendettas."