No announcement yet.

More on DoS Attacks

  • Filter
  • Time
  • Show
Clear All
new posts

  • More on DoS Attacks

    Many sportsbooks have been hit by malicious denial of service attacks this year. These attacks are crippling to a business, and we here at Bettorsworld would like to educate our readers about these attacks so that you will better understand if someone is hit by these.

    Here is another article from the Financial Times:

    Financial Times; Nov 12, 2003

    The latest wave of attacks on online gambling sites, web retailers and internet payment systems follow similar bombardments of companies worldwide.
    Distributed denial of service attacks, once the preserve of mischievous hackers, have become the weapon of choice for organised criminals seeking to extort money from unprotected corporations. It is no less than a high-tech protection racket.
    In September, more than a dozen offshore betting sites serving the US market were brought down by DDoS attacks. E-mails were then reportedly sent demanding payments of up to $40,000 (24,000) or the attacks would be resumed. The Russian Mafia, with assaults traced back to St Petersburg, was thought to be behind the extortion attempts.
    "We have seen these peaks being hit around the world," said Paul Lawrence, Europe and Asia manager for Top Layer, a US company that provides protection against DDoS attacks. "It does seem to be a trend, where they find a specific type of company - like online gambling - and geography is no barrier to them. They seem to be working their way around the world, picking people off quite happily."
    Law enforcement agencies say these are not groups of amateur hackers. "While we still see offences that are done purely for mischievousness, here we are seeing great deals of money changing hands", said Mick Deats, detective superintendent in charge of operations at the National Hi-Tech Crime Unit. "These are for-profit crimes and all intelligence suggests that organised crime is involved."
    The classic DDoS attack begins with a break-in at a computer which then becomes the master computer for the intended attack. Several other computers are then hacked and a command is sent through the master telling them to bombard the servers of the target with bogus requests.
    Industry experts say huge numbers of computers are not needed to bring down a transactional website. A single computer can issue a rapid series of data packets that can help to tie up the target's servers. It is compared with saying "hello" repeatedly and starting numerous unfinished conversations.
    "It's a relatively simplistic brute-force tool," said Mr Lawrence. "[Hackers] will monitor the success of the attack and they will then try something slightly different if the site is not brought down."
    The data of users of the site are generally not compromised. The culprits are not interested in confidential details, they are concentrating on bringing the target network to its knees.
    Tracking down the criminals can be difficult. The computers used are not their own, so tracing their internet protocol addresses can prove fruitless. The bogus requests are also bounced off other servers around the world. If the blackmail request is made by e-mail, investigators have some opportunity, but anonymous addresses are always used and finding the source proves impossible. Law enforcement agencies are enjoying more success through following the money trail back to the blackmailers if the payments are made.
    Other big DDoS attacks have included one on the root servers of the internet last year and two on the website of Microsoft in August. Before DDoS, criminals tried to blackmail companies, such as Fujitsu and Visa, after breaking into their networks and actually stealing data. Increasing the strength of firewalls has made this more difficult.
    CLOSER CO-OPERATION AMONG LAW ENFORCEMENT AGENCIES IN FIGHT AGAINST INTERNET CRIME Planned European legislation on computer crimes and increased international co-operation among law enforcement agencies will boost the efforts of police to track down criminal gangs carrying out attacks on companies from outside their jurisdiction, writes Chris Nuttall. Under existing laws a server in the UK falling victim to a distributed denial of service attack qualifies as an offence under the Computer Misuse Act, with penalties of up to five years in jail. If the attack is accompanied by a "demand with menaces" the penalty can be as much as 14 years for that offence. Police helping other forces abroad to make arrests in countries where the attacks originate can pass their evidence on to the Crown Prosecution Service, which can seek extradition proceedings. A G8 agreement covering 32 countries is helping law enforcement agencies to gather digital evidence very quickly. Data can be frozen and preserved even before legal documentation arrives, preventing hard discs from being wiped and e-mails deleted. "There is a lot of co-operation. Internet crime does not fit neatly into force divisions and geographic boundaries, so we have got to be joined-up about this," said Detective Superintendent Mick Deats of the National Hi-Tech Crime Unit. The European Union is also proposing legislation to deal with newer computer crimes such as DDoS attacks. A framework decision in April with regard to protecting information systems details two new offences of illegal access to computer systems and illegal interference in them. "The catalyst for all this is high-tech crime, there's pressure on everybody to take this seriously," said David Porter, a security consultant at Detica, an IT services company. "The penalties being suggested were at least four years for any attacks causing large losses or where an organised crime network is involved."