http://technology.timesonline.co.uk/tol/news/tech_and_web/article1824601.ece By Jonathan Richards Times Online May 22, 2007 The Daily Telegraph website has been the victim of a mystery and destructive attack by hackers that has blocked access to the site over the last 24 hours. The paper confirmed that its site had been the victim of a 'distributed denial of service attack' (DDoS), and that many readers had not been able to log on since yesterday morning. A third party team of experts was still working to return systems to normal, following what the paper described as "an act of vandalism". "With these things it's always difficult to know what might be behind it," a Telegraph spokeswoman said. The paper had not received any threats demanding that particular stories be removed, the spokeswoman said, but a "revenge attack" was one of the possible explanations cited by security experts. "The nature of these attacks is that they come from multiple sources," the paper's digital editor, Edward Roussel, told mediaguardian.co.uk. "We have had them in the past but they have never succeeded in toppling the website. This particular one was stronger than anything we have experienced," Mr Roussel said. A "denial of service" attacks occurs when hundreds of thousands of computers are directed to log onto a particular site simultaneously, causing it to crash under the weight of requests. The computers owners' are unusually unuaware they are participating in the attack, their machines having been co-opted by an e-mail or internet-based worm sent via a network known as a 'botnet'. "Newspaper sites are often the target of politically motivated attacks," William Beer, a director of security practice at Symantec, said. "In Italy a law was passed recently in relation to peer to peer software, and we saw a lot of internet-based threats directed at newspapers that were favourable to the new regulation," he said. Paul Vlissidis, an expert at NCC, another security firm, said that there were ways of guarding against DDoS attacks, for instance by installing a router which sits 'in front of' a website and monitors incoming traffic. If the router senses a pattern in attempted visits, for instance that the volume is unusually large for a certain time, the requests can be directed elsewhere - "down a kind of cyber black hole," Mr Vlissidis said. The attack comes less than a week after Estonia accused Russia of being behind a similar attempt to bring down various of its central websites and paralyse its infrastructure. Estonian officials said that they had traced the internet protocol (IP) addresses responsible for the attacks to Russian authorities, prompting allegations that Russia had declared 'cyber-war' against its Baltic neighbour. Last year a Department of Trade and Industry report found that more than 50 per cent of businesses had suffered "a premeditated and malicious" security incident in the past twelve months. For large businesses, the average cost of the worst such incident was as much as 130,000, the report said. Tide of denial In February hackers, possibly based in South Korea, attempted to bring down at least the of the 13 computers which help manage global internet traffic, including one operated by the US Department of Defence (DoD). A DoD official was quoted at the time as saying: "We have to be able to respond (to this type of threat)." Last year three Russian citizens were sentenced to eight years each for extorting money from several British gambling websites. The trio were accused of receiving $4 million from sites they threatened with DDoS attacks, and when one site refused to pay a demand for $10,000, it was targeted and and brought down, reportedly costing it $200,000 a day. In 2004 several bookmakers, including Paddy Power and Blue Square were subject to DDoS attacks at the time of the Cheltenham horse races. Extortionists contacted Blue Square, ordering that it pay 7,000 in order that the attack be stopped. The security firm Symantec last year estimated that the number DDoS has risen by 51 per cent since 2005, and detected an average of 1,402 attacks a day. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue May 22 2007 - 22:30:11 PDT