BBC News
Last Updated: Thursday, 13 January, 2005, 08:56 GMT
Rings of steel combat net attacks
By Mark Ward
Technology correspondent, BBC News website

[Image: Horse race (PA). Caption: Gambling sites have been hit hard by the attacks]

Gambling is hugely popular, especially with tech-savvy criminals.

Many extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid.

But now deep defences are being put in place by some of the UK's biggest net firms to stop these attacks.

Increasing numbers of attacks and the huge amounts of data being used to try to bump a site off the web are prompting firms to adopt the measures.

"Net firms are realising that it's not just about anti-virus and firewalls," said Paul King, chief security architect at Cisco. "There are more things that can be done in the network to protect data centres."

Mr King said the only way to properly combat these so-called Distributed Denial-of-Service attacks was with intelligent net-based systems.

Many of the gambling sites suffering DDoS attacks are in offshore data and hosting centres, so any large scale data flood could knock out access to many more sites than just the one the criminals were targeting, said Mr King.

This overspill effect was only likely to grow as attacks grow in size and scale.

Flood victims

Malcolm Seagrave, security expert at Energis, said the most common types of attacks hit sites with 10 megabytes of data over short periods of time. Bigger attacks sending down 200 megabytes of traffic or more were rarely seen, he said.

"It does feel like they are turning the dial because you see this traffic gradually growing," he said.

[Image: Computer network cables (BBC). Caption: Attack traffic can be hard to pick out]

So far there have been no attacks involving gigabytes of data, said Mr Seagrave.

However, he added that it was only a matter of time before such large attacks were mounted.

Maria Capella, spokeswoman for net provider Pipex, said that when DDoS attacks were at their height, customers were getting hit every four to five days.

The defences being put in place constantly monitor the streams of data flowing across networks and pluck out the traffic destined for target sites.

"It's about understanding what's genuine traffic and keeping attack traffic from going to the site," she said.

"We study the profile of their traffic and as soon as we see an anomaly in the profile that's when we start to get the backbone engineering boys to see if we are going to sustain an attack," said Ms Capella.

This traffic can be hard to spot because DDoS attacks typically use thousands of computers in many different countries, and each participating machine sends only a small part of the entire data flood.

Home invasion

Typically these computers have been infected by a virus or worm which reports its success and the net address of compromised machines back to the malicious hacker or hi-tech criminal that set off the virus.

Hijacked computers are known as zombies or 'bots and collections of them are called 'bot nets. Many spammers rent out 'bot nets to help them anonymously send junk mail.

[Image: Computer keyboard (BBC). Caption: Many home PCs have been hijacked to take part in net attacks]

Most of the zombies are based outside the country that hosts the target site so getting the attacking PCs shut off can be difficult.

Often Pipex and other net suppliers do get advance notice that an attack is about to happen.

"The serious players tend to precede an attack with some kind of ransom e-mail," said Ms Capella.

"We ask, as part of the service we provide, that customers notify us of anything they have in advance that would give us forewarning."

Once an attack is spotted, dedicated net hardware takes over to remove the attack traffic and ensure that sites stay up.

Energis took a similar approach, said Mr Seagrave.

"We have technology out there that allows us to detect attacks in minutes rather than let network engineers spend hours pulling the information together," said Mr Seagrave.

Also net firms were starting to work more closely together on the problem of DDoS attacks and pool information about where they are coming from.

Information gathered on attacks and where they originated has led to some arrests.

He said Energis also did its own intelligence work to get an insight into which sites criminal gangs plan to target.

"We have people in places where they shouldn't be, monitoring tech sites," he said.

Sometimes though, he said, spotting the next victim was easy.

"You can see them going alphabetically through the list with the gambling sites, trying one after another," said Mr Seagrave.

