[ISN] Telegraph website targeted in mystery attack by hackers

From: InfoSec News (alerts@private)
Date: Tue May 22 2007 - 22:17:47 PDT


http://technology.timesonline.co.uk/tol/news/tech_and_web/article1824601.ece

By Jonathan Richards
Times Online
May 22, 2007

The Daily Telegraph website has been the victim of a mystery and 
destructive attack by hackers that has blocked access to the site over 
the last 24 hours.

The paper confirmed that its site had been the victim of a 'distributed 
denial of service attack' (DDoS), and that many readers had not been 
able to log on since yesterday morning.

A third party team of experts was still working to return systems to 
normal, following what the paper described as "an act of vandalism".

"With these things it's always difficult to know what might be behind 
it," a Telegraph spokeswoman said.

The paper had not received any threats demanding that particular stories 
be removed, the spokeswoman said, but a "revenge attack" was one of the 
possible explanations cited by security experts.

"The nature of these attacks is that they come from multiple sources," 
the paper's digital editor, Edward Roussel, told mediaguardian.co.uk.

"We have had them in the past but they have never succeeded in toppling 
the website. This particular one was stronger than anything we have 
experienced," Mr Roussel said.

A "denial of service" attack occurs when hundreds of thousands of 
computers are directed to log onto a particular site simultaneously, 
causing it to crash under the weight of requests.

The computers' owners are usually unaware they are participating in 
the attack, their machines having been co-opted by an e-mail or 
internet-based worm sent via a network known as a 'botnet'.

"Newspaper sites are often the target of politically motivated attacks," 
William Beer, a director of security practice at Symantec, said.

"In Italy a law was passed recently in relation to peer to peer 
software, and we saw a lot of internet-based threats directed at 
newspapers that were favourable to the new regulation," he said.

Paul Vlissidis, an expert at NCC, another security firm, said that there 
were ways of guarding against DDoS attacks, for instance by installing a 
router which sits 'in front of' a website and monitors incoming traffic.

If the router senses a pattern in attempted visits, for instance that 
the volume is unusually large for a certain time, the requests can be 
directed elsewhere - "down a kind of cyber black hole," Mr Vlissidis 
said.

The attack comes less than a week after Estonia accused Russia of being 
behind a similar attempt to bring down various of its central websites 
and paralyse its infrastructure.

Estonian officials said that they had traced the internet protocol (IP) 
addresses responsible for the attacks to Russian authorities, prompting 
allegations that Russia had declared 'cyber-war' against its Baltic 
neighbour.

Last year a Department of Trade and Industry report found that more than 
50 per cent of businesses had suffered "a premeditated and malicious" 
security incident in the past twelve months.

For large businesses, the average cost of the worst such incident was as 
much as £130,000, the report said.


Tide of denial

In February hackers, possibly based in South Korea, attempted to bring 
down at least three of the 13 computers which help manage global internet 
traffic, including one operated by the US Department of Defence (DoD). A 
DoD official was quoted at the time as saying: "We have to be able to 
respond (to this type of threat)."

Last year three Russian citizens were sentenced to eight years each for 
extorting money from several British gambling websites. The trio were 
accused of receiving $4 million from sites they threatened with DDoS 
attacks, and when one site refused to pay a demand for $10,000, it was 
targeted and brought down, reportedly costing it $200,000 a day.

In 2004 several bookmakers, including Paddy Power and Blue Square, were 
subject to DDoS attacks at the time of the Cheltenham horse races. 
Extortionists contacted Blue Square, ordering that it pay 7,000 in order 
that the attack be stopped.

The security firm Symantec last year estimated that the number of DDoS attacks has 
risen by 51 per cent since 2005, and detected an average of 1,402 
attacks a day.




