'Nothing new' in DDoS attacks

Two friends from Akamai take issue with the idea that there's something new about the nature of DDoS attacks targeting U.S. Bank, Wells Fargo and others.

The "new twist on DDoS" mentioned in our story "Hacktivists strike U.S. Bank with volunteer-powered DDoS" is impressive and all. But it's not new. Not even close, two old friends from Akamai told me on Twitter this morning.

Also see: The DDoS attack survival guide

In the story, writer Antone Gonsalves described the "new twist" this way:

Rather than launch the attack from a network of compromised machines, called a botnet, the attackers are apparently using volunteers, said Atif Mushtaq, a security researcher at FireEye. Participants go to either one of two file-sharing sites and download a program written in a scripting language. Once the program is running, a person only has to click on a "start attack" button to send continuous requests to the target's website. This method makes it more difficult for authorities to stop the attack, because there are no control servers. "They know [servers] can be blocked very easily," Mushtaq said.

To that, Akamai CSO Andy Ellis (@csoandy) told me in a tweet, "Thrallnets aren’t at all new. LOIC was the most recent incarnation, but it’s been happening for years."

Added Akamai Security Evangelist Michael Smith (@rybolov), " ByteDoS, ping floods, and wget loops ... people used to DDoS IRC all the time to cause a netsplit and take over channels."

The attacks have generated a lot of headlines in recent days, and the folks at Akamai aren't the only ones critical of the coverage.

In the story "Islamic hacktivists' bank attack claims gain credibility," Taylor Armerding quotes Gary McGraw, CTO of Cigital, who said he is a bit puzzled at all the interest in the recent wave of attacks. "These sorts of attacks happen all the time," he said. "I'm not sure why there seems to be more interested in these."

[Related stories: Banks can only hope for the best with DDoS attacks | Wells Fargo recovers after site outage | Theories mount on bank attacks, but experts stress defense | Arab hackers attack Western websites over film | Best defense against cyberattacks is good offense, says former DHS official]

Copyright © 2012 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline