[ISN] Web bookies demand higher security standards
InfoSec News
isn at c4i.org
Wed Apr 6 04:14:24 EDT 2005
http://news.zdnet.co.uk/internet/security/0,39020375,39193981,00.htm
Dan Ilett
ZDNet UK
April 05, 2005
Online gambling companies are urging ISPs to do more to prevent
hackers disabling computers with distributed denial-of-service (DDoS)
attacks.
An industry forum made up of the UK's biggest Web gambling firms has
been lobbying Internet service providers for several months to provide
all their customers with better security.
"A lot of [ISPs] have started to address the problem of DDoS
[attacks]," said Peter Pedersen, chief technology officer at online
betting site Blue Square, speaking at the e-Crime Congress in London.
"One of the things we were trying to convince ISPs to do was
distribute firewalls to their customers," he added.
Criminal hackers use distributed denial-of-service attacks to flood
their target servers with so much data that they are unable to
operate. A firewall that can conduct stateful inspection of outgoing
data packets should be able to spot when a PC has been compromised by
a hacker and is being used to take part in a DDoS attack.
Blue Square is one of many online gambling companies to face such an
attack. Hackers typically tell e-commerce Web sites to pay up or face
a series of attacks that can cripple their businesses through
downtime.
Pedersen's comments echo a call made by David Yu, chief technology
officer of online gaming portal Betfair, in an interview with ZDNet UK
last November.
Pedersen said that the attacks launched on the company's Web site,
Bluesq.com, typically comprised between one and two gigabits of data
per second, which clogged their bandwidth and slowed their ISP's
network.
Pedersen highlighted the importance of sharing security resources with
competitors.
"As an industry we could appear with a united front," said Pedersen.
"I cannot emphasise enough how important that is. We are all
competitors but I leave that to the marketing board."
The forum has also been lobbying MPs to outlaw denial-of-service
attacks.
The UK Parliament will have ten minutes on Tuesday to decide whether
to update the Computer Misuse Act (1990). The proposals to change the
law, which will be introduced by Derek Wyatt MP, would make DDoS
attacks illegal, but this is highly unlikely to happen before next
month's general election.
"Derek Wyatt's efforts to re-start a debate in Parliament regarding
the Computer Misuse Act are to be applauded, but a paltry ten minute
slot is not enough time or attention to give to such an important
issue. This lack of interest is an insult to British businesses, which
are most at risk from cyberattacks," said Simon Perry, European
vice-president of security strategy for Computer Associates.