How does this type of cyber attack work? And how can people make sure their computers are safe?
Here are some questions and answers about the attack.
Q: What is a “denial-of-service” attack?
A: Think about what would happen if you and all your friends called the same restaurant over and over and ordered things you didn't even really want. You'd jam the phone lines and overwhelm the kitchen to the point that it couldn't take any more new orders.
That's what happens to Web sites when criminals hit them with denial-of-service attacks. They're knocked offline by too many junk requests from computers controlled by the attackers.
The bad guys' main weapon in such an attack is "botnets," or networks of "zombie" personal computers they've infected with a virus. The virus lets the criminals remotely control innocent people's machines, which are programmed to contact certain Web sites over and over until that overwhelms the servers that host the sites. The servers become too busy to respond to anything, and the Web site slows or stops working altogether.
It's different from what usually happens when you try to access a Web site. Normally, you just make one request to see the site, and unless there's a crush of traffic from something like a big news event, the servers respond well. Hijacked PCs, on the other hand, are programmed to send way more traffic than a normal user could generate on his or her own.
Q: How often do these attacks happen?
A: People try denial-of-service attacks all the time – many government and private sites report being hit every day. Often the assaults are unsuccessful, because Web sites have ways of identifying and intercepting malicious traffic. However, sites really want to avoid blocking legitimate Web users, so more often than not, Internet traffic is let through until a problem is spotted.
Denial-of-service attacks are noisy by design, and they intend to make a statement. They're not subtle attempts to infiltrate a Web site's defenses, which can be much more insidious because that gives hackers access to whatever confidential information is stored there.
Often the attacks take a site out for a few hours, before Web site administrators can respond. What made the most recent attack notable is that it was widespread and went on for a while, beginning over the July Fourth holiday weekend and running into this week. It's not yet clear how the attack was able to last that long.
Q: Some organizations appear to have fended off these recent attacks, while other Web sites went down. How can this be?
A: Popular Web sites, like e-commerce and banking sites, have a lot of experience dealing with denial-of-service attacks, and they have sophisticated software designed to identify malicious traffic. Often that's done by flagging suspicious traffic flowing into the site, and if there's enough of it, preventing it from ever reaching the site's servers.
Another approach is to flag suspicious individual machines that seem to be behind an attack, and ban any traffic from them from reaching the site.
That can often be difficult, though, because criminals use “proxy” computers to route their traffic, masking the source of the original requests. Proxy computers are often other infected computers that are part of a botnet.
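The two defensive approaches in this answer, flagging the overall flow of suspicious traffic and flagging individual machines, can be shown in miniature against a Web server's access log. The following Python script is an added example and is not from the article or any named product. It parses Common Log Format lines, flags any single client that sends more than a per-client limit within a sliding time window, and separately raises a flood alert when the combined request rate from all clients crosses a higher limit. The second check is what matters for the proxy problem described above: traffic spread thinly across many infected machines never trips a per-client threshold. The log lines, thresholds and IP addresses (documentation ranges) are constructed for the demonstration, not real traffic.

```python
"""Rate-based flagging of request sources in a web server access log.

Added example for the Q&A above (not from the article). It reads Common Log
Format lines, flags any single client that sends more than `per_ip_limit`
requests inside a sliding `window_s`-second window, and separately raises a
flood alert when the total request rate exceeds `total_limit`, which is what
catches traffic spread thinly across many botnet proxies.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client ident user [timestamp] "request" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return (client_ip, timestamp) for one CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts


def _events(lines):
    """Parse all lines and order them by time so the sliding windows stay monotone."""
    return sorted((e for e in map(parse_line, lines) if e is not None), key=lambda e: e[1])


def flagged_sources(lines, window_s=10, per_ip_limit=20):
    """IPs that sent more than per_ip_limit requests within any window_s-second span."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for ip, ts in _events(lines):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
    return flagged


def flood_detected(lines, window_s=10, total_limit=100):
    """True if requests from all clients combined exceed total_limit in any window."""
    q = deque()
    for _, ts in _events(lines):
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > total_limit:
            return True
    return False


def constructed_log():
    """Constructed sample log (not real traffic), three patterns from 06/Jul/2009 10:00:00 UTC:
    203.0.113.5     one ordinary visitor, 2 requests 40 s apart
    198.51.100.7    one noisy client, 30 requests within 5 s
    192.0.2.1-50    50 clients with 3 requests each within 5 s (how proxied botnet traffic looks)
    """
    base = datetime(2009, 7, 6, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset_s, path="/"):
        ts = (base + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

    lines = [line("203.0.113.5", 0), line("203.0.113.5", 40, "/about")]
    lines += [line("198.51.100.7", i // 6) for i in range(30)]
    lines += [line(f"192.0.2.{n}", n % 5) for n in range(1, 51) for _ in range(3)]
    return lines


if __name__ == "__main__":
    log = constructed_log()
    print("per-client flags:", sorted(flagged_sources(log)))  # only the noisy client
    print("aggregate flood :", flood_detected(log))           # True
    spread = [l for l in log if l.startswith("192.0.2.")]
    print("per-client flags on spread-out traffic:", sorted(flagged_sources(spread)))  # none
    print("aggregate flood on spread-out traffic :", flood_detected(spread))           # True
```

Run against the full constructed log, the per-client check names only the single noisy host, while the 50 lightly loaded addresses pass untouched; only the aggregate check notices that the site as a whole is receiving far more than it should. Real deployments tune both thresholds to the site's normal traffic so that a legitimate surge, such as a big news event, does not trip them.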
Q: Is there usually evidence of who the culprits were? Or is the nature of the attack such that it leaves few fingerprints?
A: It's usually easier to stop a denial-of-service attack than it is to figure out who's behind it. Simply identifying where the malicious traffic is coming from won't get investigators very far, since the infected PCs that get roped into a botnet are owned by innocent people who don't know their computers are being used for nefarious purposes.