What has been the main consequence of this attack?
Background:
Following the blacklisting, the attacks began as waves of large but otherwise typical DDoS assaults. Spamhaus has alleged that Cyberbunker is behind the attack. Cyberbunker has not directly taken responsibility for the attacks; however, Sven Olaf Kamphuis, spokesman for Cyberbunker, said that Spamhaus was abusing its position and should not be allowed to decide “what goes and does not go on the internet”.
Who are thought to be the perpetrators?
The perpetrators are thought to be Cyberbunker, a company that provides hosting for spammers; after the blacklisting, their upstream provider was contacted as well.
How was such an attack made possible?
The attackers used a Distributed Denial of Service (DDoS) attack, which floods the target with large amounts of traffic, rendering it unreachable. Imagine a door with thousands of people standing outside it; everyone is trying to enter, and no one can get out. This is the equivalent of a DDoS attack.
In most common DDoS attacks, hackers use thousands of “zombie” computers to send traffic to a particular site, with the intention of overloading it. These computers have often been infected with malware (most often received through spam email), which gives a hacker control of the machine, unbeknownst to its owner. Hackers can amass large networks of these infected computers, called “botnets”, and use them to conduct attacks.
Once the attacks began, Spamhaus immediately hired a security firm, CloudFlare, which put systems in place to keep the DDoS from having a large impact. The attackers then changed tactics and targeted CloudFlare's network providers. To do this, they exploited a weakness in the Domain Name System (DNS). The DNS converts a web address into a numeric IP address. A DNS resolver performs that lookup on behalf of the client, which then connects to the server at that IP address and receives the content. If a network is set up incorrectly, an open resolver (one that answers recursive queries from anyone on the internet) becomes an easily exploited vulnerability.
In this case, the hackers identified 25 million vulnerable DNS servers worldwide that could be used for the attack and sent those servers an initial attack, which each of them relayed on to the target. Thus the attack, initiated from a single location, was amplified millions of times by exploited DNS servers around the world.
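The open-resolver abuse described above, seen from the resolver operator's side: an added example, not part of the original write-up, that scans constructed BIND-style query-log lines for the two signs a defender looks for, recursive queries from outside the networks the resolver is meant to serve (the resolver is open) and bursts of ANY queries arriving from source port 53 (the resolver is being used as a reflector). The log format, the served networks 192.0.2.0/24 and 10.0.0.0/8 and the threshold are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Networks this resolver is meant to serve; an assumption made for this example.
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("10.0.0.0/8")]

# Constructed lines in a simplified BIND query-log style, not real captured data.
# '+' means the client asked for recursion; '#53' is the client's source port.
SAMPLE_LOG = """\
15:02:01 client 192.0.2.10#51234 (example.org): query: example.org IN A + (192.0.2.1)
15:02:01 client 203.0.113.7#53 (isc.org): query: isc.org IN ANY + (192.0.2.1)
15:02:01 client 203.0.113.7#53 (isc.org): query: isc.org IN ANY + (192.0.2.1)
15:02:02 client 203.0.113.7#53 (isc.org): query: isc.org IN ANY + (192.0.2.1)
15:02:02 client 198.51.100.9#4001 (example.net): query: example.net IN MX + (192.0.2.1)
15:02:02 client 192.0.2.10#51234 (example.org): query: example.org IN AAAA + (192.0.2.1)
"""

LINE_RE = re.compile(
    r"client (?P<ip>[\d.]+)#(?P<port>\d+) \([^)]*\): query: \S+ IN (?P<qtype>\S+) (?P<flags>\S+)"
)

def is_allowed(ip, allowed=ALLOWED_NETS):
    """True if ip lies inside one of the networks the resolver is meant to serve."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowed)

def analyze(log, allowed=ALLOWED_NETS, any_threshold=3):
    """Return (open_resolver_clients, reflection_suspects).

    open_resolver_clients: outside IPs whose queries carried the recursion flag '+';
      a single hit means the resolver answers the whole internet.
    reflection_suspects: outside IPs sending >= any_threshold ANY queries (largest
      answers, so the best amplification) from source port 53, the trace a spoofed
      victim address leaves when the resolver is used as a reflector.
    """
    outside = set()
    any_from_port53 = Counter()
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a query record
        ip, port, qtype, flags = m["ip"], int(m["port"]), m["qtype"], m["flags"]
        if is_allowed(ip, allowed):
            continue  # legitimate client of this resolver
        if flags.startswith("+"):
            outside.add(ip)
        if qtype == "ANY" and port == 53:
            any_from_port53[ip] += 1
    return outside, {ip: n for ip, n in any_from_port53.items() if n >= any_threshold}
```

Any entry in the first set is reason enough to restrict recursion to the served networks; the second set points at addresses that are probably victims, not attackers, since the source is forged.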
What can governments do to prevent such attacks in the future?
Preventing cyber attacks is a normal part of the world we live in. Gone are the days when only bulletin board users had to be careful with their computers; now we are all vulnerable to one extent or another. By now you've heard all of the general recommendations for dealing with security risks, including using anti-virus software, implementing a firewall, and being careful with email and attachments. These are all good suggestions which can and should be followed. But there are some other steps you can take which are not often heard about, yet they are equally effective in helping to mitigate the risk of attacks.
Utilize Security Features of Wireless Routers
Drive down the average residential street with a laptop computer and scan for available networks. You'll be amazed by how many wireless home networks are open and unsecured. This presents a dangerous opportunity for attackers to access the home network and seize control of individual computers. Even for less nefarious hackers, at the very least an unsecured network allows them to steal your internet service. You can protect against this in two ways. First and foremost, use whatever security encryption is available on your wireless router to block unauthorized access. Most modern routers offer both WEP and WPA security protocols which are adequate for home use. While they both have weaknesses which allow them to be cracked, hackers have so many other choices they usually won't spend the time to do so. Second, configure your router so that it doesn't broadcast the ESSID. The ESSID is the name of the network which the router broadcasts over the airwaves. Once all of the computers on your home network are set up to access it, the ESSID no longer needs to be publicly broadcast. Turn it off. If a hacker doesn't know it's there, he can't go after it so easily.
Change passwords and usernames frequently
Malware authors whose intent is to steal personal information for criminal purposes often count on the lax attitude of victims to maximize their potential gain. For instance, one might write a trojan horse to record keystrokes and report them back to the author. In analyzing the data, the author may discover a user name and password for a site his victim visited. He'll test that user name and password in other places depending on the keystroke data, and may gain access to other websites, accounts, or even administrative privileges on the compromised computer. It is a good idea to change your user names and passwords every 30-60 days. It might be a hassle, but it can help prevent disaster. You should also resist the temptation to use the same user name and password for every account you own. Most people do, and they're asking to be hacked.
Switch to a new OS
For most people, switching to a new operating system is the most radical of all steps, but it's well worth it. The well-known OS out of Redmond, WA may be the most popular around the world, but it's also notoriously bad in terms of security. As proof, one only need look at all the security software on the market to see which OS it's written for. Although Unix-based systems like Mac, Linux, and BSD are not completely free from cyber attack, the risk to these systems is a fraction of what it is for Redmond-based systems. This is partly due to their low market share, but also due to their much more robust security implementation. Once you get past the learning curve of a new OS, you'll be happy you made the switch, at least from the standpoint of security.