[ISN] Cyber attack threat worsening: experts
InfoSec News
isn at c4i.org
Thu Jun 30 03:48:22 EDT 2005
http://www.gulf-times.com/site/topics/article.asp?cu_no=2&item_no=42550&version=1&template_id=36&parent_id=16
Staff Reporter
29 June, 2005
THE threat posed by Distributed Denial-of-Service (DDoS) continues to
worsen as society becomes increasingly dependent on the reliability of
the Internet, cyber security experts Dr Sven Dietrich and David Mundie
have said.
"There has been a marked increase of extortion cases using DDoS during
2004-2005, with attackers threatening online businesses with a denial
of service (DoS) if the payment they demand is not made," they said.
Dr Dietrich and Mundie, senior technical staffers of the Carnegie
Mellon Software Engineering Institute (SEI), are in Qatar to give
presentations at technical workshops on cyber security.
The workshops are being organised on behalf of Qatar Computer
Emergency Response Team (Q-CERT) by the Supreme Council for
Information and Communication Technology (ictQATAR) and SEI.
Q-CERT, scheduled for launch in September with support from Carnegie
Mellon University's CERT Co-ordination Centre, is envisaged as a
national organisation to conduct and co-ordinate a comprehensive set
of cyber security activities.
The forum is meant to adequately protect Qatar's critical
infrastructure as cyberspace becomes the nervous system of government,
business and education operations.
"DDoS is a serious problem that disrupts the availability of systems,
causes them to become inaccessible, unreliable, or to crash entirely,"
Dr Dietrich and Mundie said, recalling that DoS had already become a
problem in the early 90s.
The goal of a DoS attack is to disrupt some legitimate activity, such
as browsing web pages, listening to an online radio, transferring
money from a bank account, or even docking ships communicating with a
naval port, as explained in "Internet Denial of Service: Attack and
Defence Mechanisms," which has Dr Dietrich as an author.
This DoS effect is achieved by sending messages to the target that
interfere with its operation, and make it hang, crash, reboot, or do
useless work.
One way to interfere with a legitimate operation is to exploit a
vulnerability present on the target machine or inside the target
application.
The attacker sends a few messages crafted in a specific manner that
take advantage of the vulnerability.
Another way is to send a vast number of messages that consume some key
resource at the target such as bandwidth, CPU time, or memory.
The target application, machine, or network spends all of its critical
resources on handling the attack traffic and cannot attend to its
legitimate clients.
When the first massive DoS attacks took place in 1999 against the
University of Minnesota, Dr Dietrich observed and analysed them in
his capacity as a senior security architect at the NASA Goddard Space
Flight Centre.
"The first massive attacks on public websites including Yahoo and
E*Trade happened in 2000 and in the period from then to now
sophistication of attack tools has increased and at present there is
an increase of extortion cases using DDoS," the experts said.
The severity of a DoS attack reaches its peak when, for example, an
attacker gains control over 100,000 machines and directs them to
send messages to a target. At this stage the attack becomes a
DDoS.
CERT Training and Education is offering a variety of courses with
special emphasis on DDoS and defences, incorporating research
approaches and concepts such as host system hardening and network
hardening.