[ISN] Q&A: Tom Leighton, chief scientist at Akamai

From: InfoSec News (isn@private)
Date: Thu Jun 17 2004 - 07:38:48 PDT

    By Jaikumar Vijayan
    JUNE 16, 2004

    Akamai Technologies Inc. said today that the Domain Name System
    problems it encountered yesterday were the result of a sophisticated
    and targeted distributed denial-of-service attack against the company.
    In an interview with Computerworld, Tom Leighton, the company's chief
    scientist, talked about what happened.

    What was the nature of yesterday's attack?

    It was a name server attack against four of our customers for whom we
    carry their name servers. Our assumption was this was an attack
    against Akamai and it was perpetrated by attacking our customer name
    service infrastructure. It is not impossible that this was a
    coordinated attack against those four Web sites. Akamai has a lot of
    key customers, and it could just be a coincidence that the four
    happened to be Akamai customers. [But] we are assuming it was an
    attack against Akamai.

    Why were only four major customers affected?

    Actually, we had more than those four customers impacted. About 4% of
    our customer base [of about 1,100 customers] had the potential to be
    impacted by it. Half of them did not have any noticeable impact. There
    was a set of servers that experienced the brunt of the attack. The
    servers did not go down, but their ability to perform was severely
    hampered. They were giving out valid information, but for a small
    subset of customers, the performance was not there.

    Has the source of the attack been identified and the attack traffic

    That's information that we are sharing with the authorities. But the
    attack traffic has been eliminated.

    What's happened since the attack?

    We've had a chance to analyze the attack. We have put out several
    additional defensive mechanisms in place because there is a security
    concern. Going forward, we are continuing to place additional
    mechanisms in place. DNS is a critical component of the Internet and
    in general one of the most vulnerable. We've put a lot into securing
    our name server infrastructure. We have learned from this incident.

    Is there any indication that someone with inside knowledge could have
    been responsible?

    It was sophisticated and very large-scale, but it did not require
    insider knowledge. We have no reason to believe an insider was

    Could the incident have been caused by an internal technology problem?

    Our systems performed normally, as they are designed to perform. It is
    because of this that it didn't impact more of our customer base.