International   

Internet faces data overload threat

— Photo: AFP

Websites may be disabled due to onslaught of untraceable data.

SAN FRANCISCO: Attackers bent on shutting down large websites — even the operators that run the backbone of the Internet — are arming themselves with what are effectively vast digital fire hoses capable of overwhelming the world’s largest networks, according to a new report on online security.

In these attacks, computer networks are hijacked to form so-called botnets that spray random packets of data in huge streams over the Internet. The deluge of data is meant to bring down websites and entire corporate networks. Known as distributed denial of service, or DDOS, attacks, such cyber-weapons are routinely used during political and military conflicts, as in Estonia in 2007 during a political fight with Russia, and in the recent Georgian-Russian war. Such attacks are also being used in blackmail schemes and political conflicts, as well as for general malicious mischief.

A survey of 70 of the largest Internet operators in North America, South America, Europe and Asia found that malicious attacks were rising sharply and that the individual attacks were growing more powerful and sophisticated, according to the Worldwide Infrastructure Security Report. This report is produced annually by Arbor Networks, a company in Lexington that provides tools for monitoring the performance of networks.

The report, which will be released on Tuesday, shows the largest attacks have grown steadily in size to over 40 gigabits, from less than half a megabit, over the last seven years. The largest network connections generally available today carry 10 gigabits of data, meaning that they can be overwhelmed by the most powerful attackers.

The Arbor Networks researchers said a 40-gigabit attack took place this year when two rival criminal cyber-gangs began quarrelling over control of an online Ponzi scheme. “This was, initially, criminal-on-criminal crime, though obviously the greatest damage was inflicted on the infrastructure used by the criminals,” the network operator wrote in a note on the attack.

The attack employed a method called reflective amplification, which allowed a relatively small number of attack computers to generate a huge stream of data toward a victim. The technique has been in use since 2006. “We’re definitely seeing more targeted attacks toward e-commerce sites,” said Danny McPherson, chief security officer for Arbor Networks. “Most enterprises are connected to the Internet with a 1-gigabit connection or less. Even a 2-gigabit DDOS attack will take them offline,” he said.

Large network operators that run the backbone of the Internet have tried to avoid the problem by building excess capacity into their networks, said Edward G. Amoroso, the chief security officer of AT&T. He likened the approach to a large shock absorber, but said he still worried about the growing scale of the attacks.

“We have a big shock absorber,” he said. “It works, but it’s not going to work if there’s some Pearl Harbour event.” Overall, the operators reported they were growing more able to respond to DDOS attacks because of improved collaboration among service providers.

According to the Arbor Networks report, the network operators said the largest botnets, which in some cases encompass millions of “zombie” computers, continue to “outpace containment efforts and infrastructure investment.”

Despite a drastic increase in the number of attacks, the percentage referred to law enforcement authorities declined. The report said 58 per cent of the Internet service providers had referred no instances to law enforcement in the last 12 months. When asked why there were so few referrals, 29 per cent said law enforcement had limited capabilities, 26 per cent said they expected their customers to report illegal activities, and 17 per cent said there was “little or no utility” in reporting attacks. — New York Times News Service

Printer friendly page  
Send this article to Friends by E-Mail

Stories in this Section

China unveils $570-billion stimulus package
World Bank, U.S. hail plan
Plan worth 7% of China’s GDP
Lay down arms, LTTE told
Gas leak caused submarine accident
Ansari hails smooth transition in Maldives
Disputed drilling rig sparks tension
Paparazzo denies blackmail plot
31 die in Baghdad blasts
Hurricane Paloma ravages central Cuba
Internet faces data overload threat

Copyright © 2008, The Hindu. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu