Experts Chart Spike in Cyber Sieges

By Brian Krebs Staff Writer
Friday, May 1, 2009; 11:42 AM

Cyber attacks with enough firepower to knock entire countries off the Internet have spiked in recent months, raising fresh concerns within the security community about weaknesses in the Internet infrastructure that help create such weapons of mass disruption.

These "distributed denial of service" or DDoS attacks use robot networks or "botnets" -- many hundreds or thousands of compromised PCs -- to flood targets with so much junk traffic that they can no longer accommodate legitimate visitors.

While DDoS attacks have been a common threat since the dawn of the commercial Internet, DDoS watchers, such as Arbor Networks, have tracked a recent spike in the number, sophistication and size of attacks against major Internet providers. Attackers also appear to be picking bigger targets.

"We've certainly seen in last 120 days an uptick in critical infrastructure impacting attacks," said Danny McPherson, Arbor's chief security officer. "Suffice it to say, 'interesting' activity in this area has indeed increased from our perspective over the past 6 months or so, and the virulence of infrastructure attacks continues to be evident."

For example, in late March, unknown hackers hit GoGrid, a cloud computing provider, disrupting service to roughly half of its 1,000 customers.

Paul Lappas, vice president of engineering for GoGrid, said the attack came from thousands of servers around the Web, and targeted every last one of his company's Internet addresses. The attacks went on for several days, and then as suddenly as they began, abruptly stopped.

"Our systems were designed to handle extremely large DDoS attacks," Lappas said. "We've been in this business for eight years, and seen our share of attacks. But we haven't seen anything like this before."

On April 1, attackers struck, a Web hosting provider that also is one of the Internet's largest domain name registrars. The attack came in fits and starts, and disrupted service intermittently for millions of customers for several days.

On April 6 and 7, The Planet, the world's largest privately held dedicated Web hosting provider, which serves more than 15 million Web sites, was hit by what the Houston-based company called a "massive" DDoS attack.

That same week, a concerted DDoS attack struck Telefonica in Brazil, an Internet service provider that provides Web connectivity to more than 2.1 million Brazilians. The assaults brought Web surfing to a halt for many Telefonica users for several days.

Typically, DDoS attacks are little more than a prelude to shakedowns from cyber thugs, who try to extort money in exchange for calling off the attacks. In most cases, the attacks go unnoticed, either because the target pays the ransom or quickly hires companies that specialize in fending off the assaults.

However, most of the companies mentioned in this story did not receive extortion threats. The Planet, which declined an interview request, did not confirm if this was true for them.

© 2009 The Washington Post Company