Beyond Estonia: Bots Get Political
An increasing number of DDoS attacks are coming from botherders with political or economic motivations, say Arbor Networks researchers
By Dave Gradijan
January 16, 2008
CSO
By Katherine Walsh
Botnets and distributed denial-of-service attacks aren’t just for extortion anymore.
Increasingly, say Arbor Networks researchers Danny McPherson and Jose Nazario, DDoS attacks--and the sophisticated botnets used to power them--are being used for political reasons. And despite the fact that the U.S. government hasn’t been crippled by DDoS attacks, as the small country of Estonia famously was last April, it’s not because there aren’t botnets out there with enough firepower to do it.
That’s the message that McPherson, chief research officer of Arbor Networks, and Nazario, a senior security engineer at the Lexington, Mass.-based network security provider, will deliver to military and law enforcement personnel this week at the Department of Defense Cyber Crime Conference in St. Louis. In a pre-conference interview with CSO, McPherson gave a snapshot of his and Nazario’s research findings and the transforming landscape of global attacks, the political motivations behind many DDoS attacks, and how the government can prepare for some of the largest network threats.
CSO: What does the global attack landscape look like?
Danny McPherson, chief research officer at Arbor Networks: We see thousands of DDoS (distributed denial-of-service) attacks every day. We sift through those with a fine-tooth comb and try to determine which ones are the most significant and why. The most prominent usually turn out to be really large attacks, wide-scale attacks, well-distributed attacks, or attacks with really interesting targets. DDoS motivation has traditionally been linked to extortion, but the attacks could be ego-driven or personal. Extortion is still quite prevalent--the rate of those attacks is still growing. But as the Internet and e-commerce become bigger factors, we are starting to see more attacks related to politics or economics--during an election perhaps. Interestingly enough, those attacks are the louder ones. (Somebody might slam a lot of traffic to make a website unavailable.) Although we still see lots of covert attacks that attempt to fly under the radar (most likely in an attempt to steal intellectual property), the politically motivated attacks seem to be very obvious, and the motivations tend to come to the surface pretty easily.
CSO: How much of a threat are those politically motivated denial-of-service attacks?
McPherson: It’s an emerging issue. We’re monitoring well over a terabyte per second of traffic across roughly 100 service providers globally. We see on the order of 2,000 or so attacks per day. About 1 percent of those attacks are what we consider significant or interes




