Rings of steel combat net attacks
Gambling is hugely popular, especially with tech-savvy criminals. Many extortionists are targeting net-based betting firms and threatening to cripple their websites with deluges of data unless a ransom is paid. But now deep defences are being put in place by some of the UK’s biggest net firms to stop these attacks. Increasing numbers of attacks and the huge amounts of data being used to try to bump a site off the web are prompting firms to adopt the measures.

“Net firms are realising that it’s not just about anti-virus and firewalls,” said Paul King, chief security architect at Cisco. “There are more things that can be done in the network to protect data centres.” Mr King said the only way to properly combat these so-called Distributed Denial-of-Service attacks was with intelligent net-based systems.

Many of the gambling sites suffering DDoS attacks are in offshore data and hosting centres, so any large scale data flood could knock out access to many more sites than just the one the criminals were targeting, said Mr King. This overspill effect was only likely to grow as attacks grow in size and scale.

Malcolm Seagrave, security expert at Energis, said the most common types of attacks hit sites with 10 megabytes of data over short periods of time. Bigger attacks sending down 200 megabytes of traffic or more were rarely seen, he said. “It does feel like they are turning the dial because you see this traffic gradually growing,” he said. So far there have been no attacks involving gigabytes of data, said Mr Seagrave. However, he added that it was only a matter of time before such large attacks were mounted.

Maria Capella, spokeswoman for net provider Pipex, said that when DDoS attacks were at their height, customers were getting hit every four to five days. The defences being put in place constantly monitor the streams of data flowing across networks and pluck out the traffic destined for target sites.

“It’s about understanding what’s genuine traffic and keeping attack traffic from going to the site,” she said. “We study the profile of their traffic and as soon as we see an anomaly in the profile that’s when we start to get the backbone engineering boys to see if we are going to sustain an attack,” said Ms Capella.

This traffic can be hard to spot because DDoS attacks typically use thousands of computers in many different countries, and each participating machine sends only a small part of the entire data flood. Typically these computers have been infected by a virus or worm which reports its success and the net address of compromised machines back to the malicious hacker or hi-tech criminal that set off the virus. Hijacked computers are known as zombies or ‘bots and collections of them are called ‘bot nets. Many spammers rent out ‘bot nets to help them anonymously send junk mail. Most of the zombies are based outside the country that hosts the target site, so getting the attacking PCs shut off can be difficult.

Often Pipex and other net suppliers do get advance notice that an attack is about to happen. “The serious players tend to precede an attack with some kind of ransom e-mail,” said Ms Capella. “We ask, as part of the service we provide, that customers notify us of anything they have in advance that would give us forewarning.” Once an attack is spotted, dedicated net hardware takes over to remove the attack traffic and ensure that sites stay up.

Energis took a similar approach, said Mr Seagrave. “We have technology out there that allows us to detect attacks in minutes rather than let network engineers spend hours pulling the information together,” said Mr Seagrave.

Net firms were also starting to work more closely together on the problem of DDoS attacks and pool information about where they are coming from. Information gathered on attacks and where they originated has led to some arrests.

He said Energis also did its own intelligence work to get an insight into which sites criminal gangs plan to target. “We have people in places where they shouldn’t be, monitoring tech sites,” he said.

Sometimes though, he said, spotting the next victim was easy. “You can see them going alphabetically through the list with the gambling sites, trying one after another,” said Mr Seagrave.