http://www.computerweekly.com/Articles/2006/09/27/218731/Airline+foils+hackers+with+latest+high-tech+defences.htm

By Bill Goodwin
27 September 2006

A private airline that faced financial ruin after a hacking gang brought its computers to a halt during three months of sustained attacks claims to have turned the tables on the hackers by installing the latest high-tech defences.

The airline, which runs shuttle services between Italy and Albania, narrowly survived after the gang bombarded the company's systems with millions of requests during its busiest booking period.

Small companies that rely on the web for business are particularly vulnerable to denial of service attacks, but it is rare for firms to talk publicly about their experiences. Online sports betting sites, including Paddy Power, were hit by a spate of attacks two years ago from gangs demanding the payment of a ransom.

In an interview with Computer Weekly, Albatros Airlines said it lost 20,000 a day after the attackers left its website inaccessible to travellers and travel agents for weeks at a time.

"There was total disruption of sales. We could not sell anything via our system, and had to wait for phone calls from travel agencies," said Erion Elmasllari, head of IT at the airline. "Basically our sales were really dropping."

The airline, based in Tirana, first realised that something was amiss in December when it received a cryptic e-mail which read, "I notify you that attacks will not stop! but if you want to do a counterattack, just tell me ... for money everything can be done :)".

The attacks failed to register until May, when the company's servers in southern Italy were hit by a massive denial of service attack launched from thousands of infected PCs controlled by the hacking group.

The company, which had a 2Mbytes line, increased its line capacity to 10Mbytes and moved its servers to a hosting centre in Northern Italy, but the hackers responded by stepping up the intensity of their attacks.
At its peak, the hackers bombarded the company with messages from 7,000 computers, bringing down both the company's systems and its internet service provider.

"At one point we managed to set up firewall filters, so only the agencies that work with us were allowed on our website. Then the unthinkable happened. The providers in Albania changed their DNS numbers, which meant the firewalls had to be reprogrammed, which took another week," said Elmasllari.

The airline finally shifted its servers to a London hosting firm, VistaLogic, which agreed to install specialist technology to protect the servers from the attacks. The technology, supplied by Webscreen, is able to distinguish between normal customer behaviour and an attack.

"After we started protecting them, the hacker started using different strategies. He has tried every single strategy possible, ranging from bot nets, synflooding, rests, and malformed packets," said Mustafa Ozkececigil, chief executive of the hosting firm. "The worst attack we have had is 200Mbytes a second. That is a substantial amount of traffic."

Andy Beard, advisory services director at Pricewaterhouse Coopers, said it was rare for companies that have been hit by denial of service attacks to talk about their experience.

"While the defences have got better, the determined attackers are getting better. The sheer number of potentially compromised machines [which can be used to launch an attack] is huge," he said.