Exposing the Dark Side


Data CentreA few weeks ago, several well-known Perth ISP’s were hit by Distributed Denial of Service (DDoS) attacks, bringing their servers to a halt for several hours over the course of several days.

‘We’re pretty sure the attack originated in Europe,’ said one technical manager who asked that his company not be named, ‘but we’ve got no idea who did it or why.’

‘Our main server crashed several times because of the attack. When we realised what was going on, we programmed filters to block messages from the IP addresses the attacks came from, but by that time we’d been down about three hours.’

They’re the dark side of worldwide connectivity and can bring any Internet businesses to a halt. DDoS attacks are frighteningly simple. ‘The software is all over the web,’ the technician said, ‘and it doesn’t matter how secure you are, because you can’t block all traffic.’

And that’s how a DDoS attack works. Unlike a virus or other invasive software, a DDoS attack comes in the form of email, requests for web pages and the other kinds of traffic ISP’s or portals deal with every day.

The difference is in their volume. Imagine you run a successful shopfront business, be it a store or an information booth paid for by advertising. One day a group of people who don’t like your success (or want to use it to promote their own infamy) have thousands of people make enquiries by phone, fax or in person — all at the same time.

Your staff have to spend time following up each enquiry and legitimate customers wouldn’t get a look-in.

DDoS attacks work the same way. They flood a server with data (most of it meaningless) all at once. The effect is that the data ‘pipes’ into and out of that website, news or email server are literally clogged trying to deal with the traffic.

The key to the secrecy is that a hacker sends programs called ‘zombies’ to countless other computers across the Internet without their operators knowing. These zombies are the ones that, at the press of a button, direct thousands or millions of bits of data towards the servers of their victims.

When law enforcement or technical investigators start to trace the attack back, they can’t usually get any further back than the machines that became the unwitting perpetrators, so the true attacker stays hidden.

The problem with learning about (and preparing for) DDoS attacks is that few people want to talk about them. Their perpetrators are clouded in the secrecy of deeply buried bulletin boards, software cracking and porn sites.

And when a company gets hit with one, people learning about it can be a PR disaster. Nobody wants their customers (or shareholders) to think they’re vulnerable to electronic tomfoolery by unidentified hackers whose only purpose is to cause trouble or gain street cred.

So how much damage can DDoS attacks cause? If a few websites go down for a few hours at a time, is it so bad in the scheme of things?

Nobody had given the matter much thought prior to early 2000, when the biggest internet hack attack so far was launched against some of the biggest web site businesses in the world. On February 6, Yahoo! Was flooded with almost one billion bits of information per second — that’s the amount most sites transmit in a week.

The site was crippled and all web page requests were refused. Over the nest few hours, Buy.com was hit (just a few hours after its IPO), then eBay.com, Amazon.com, CNN.com and E*Trade.

The debacle was estimated to have cost $1.2 billion in lost revenue to the affected businesses. The US FBI estimates that Internet computer hacking already costs businesses $10 billion annually in the US alone.

So while iinet and Eon are hardly eBay, Yahoo! Or Amazon, the size of the market dictates that they could still feel the pinch, even in lost goodwill or customer/shareholder faith if not from advertising or service losses because of downtime.