Pro-WikiLeaks DDoS reprisals overrated, says expert
Attacks were small in size, unsophisticated in execution in comparison to 5,000 confirmed DDoS attacks this year
Computerworld - Headlines to the contrary, the WikiLeaks hacktivist attacks against Visa, MasterCard, PayPal and others last week were relatively small and disorganized, a security expert said.
"Despite the press the attacks received, they were small potatoes," said Craig Labovitz, chief scientist at Arbor Networks in Chelmsford, Mass., and an authority on the security of the Internet's infrastructure.
In a long post to Arbor's blog earlier in the week, Labovitz compared the scale and sophistication of the pro-WikiLeaks distributed denial-of-service (DDoS) attacks to 5,000 confirmed DDoS attacks during 2010.
Labovitz's conclusion: The WikiLeaks attacks were "unremarkable."
"I'd call this the cyber equivalent of a French trucker's strike," said Labovitz in an interview Thursday. "It certainly wasn't a war, as some headlines have claimed. It was a form of protest, but one with collateral damage."
The DDoS attacks were aimed at sites belonging to Amazon.com, MasterCard, PayPal and the Swiss payment transaction firm PostFinance, apparently in retaliation after each terminated WikiLeaks accounts or pulled the plug on services to WikiLeaks. Similar attacks targeted sites of Sen. Joseph Lieberman (I-Conn.) and Sarah Palin, the former governor of Alaska. Both had blasted WikiLeaks for releasing a trove of confidential U.S. State Department cables late last month.
But when Labovitz compared those attacks with statistics compiled by Arbor -- the company supplies anti-DDoS technologies to about 75% of the world's Internet service providers -- he found the WikiLeaks campaigns wanting.
According to Labovitz, neither the round of initial attacks that targeted WikiLeaks itself nor the later retaliatory strikes were massive-flooding DDoS or ultra-sophisticated application-level attacks.
"The type of [application level] queries from LOIC were unsophisticated," said Labovitz, referring to a free tool called Low Orbit Ion Cannon, which many of the pro-WikiLeaks attack participants used. "A sophisticated attack uses the right order of queries, the right set of API calls to bog down the system." The hacktivist attacks showed no traces of either.
Nor were those attacks massive.
Labovitz estimated that the pro-WikiLeaks attacks generated at their peak about 5Gbit/sec. of traffic aimed at the targets, well under the 50Gbit/sec. Arbor tracked in several other flooding DDoS attacks this year, and just a fraction of the nearly 70Gbit/sec. seen in the largest attack thus far in 2010.
And although more than 100,000 copies of LOIC were downloaded last week, Labovitz said that Arbor's data showed that the peak number of simultaneous WikiLeaks retaliatory attackers was only in the hundreds, not the thousands.
"The number of source IPs observed in the WikiLeaks retaliation attacks fell into the mid or higher end of the 5,000 validated DDoS attacks last year," he said in the blog post.
To Labovitz, that suggested that while hacktivists tried to recruit large botnets, those collections of compromised computers were not actually used.
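The article sizes an attack along two axes, peak traffic rate and number of distinct source IPs, and places the WikiLeaks campaigns against Arbor's 2010 reference points (about 5 Gbit/s peak versus 50 and 70 Gbit/s). The following is an added example, not Arbor's or Computerworld's code, showing how a defender can derive both figures from flow records and classify an attack against those reference points; the `Flow` record layout and the sample traffic are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Reference points from the article (Arbor's 2010 observations):
# ~5 Gbit/s peak for the pro-WikiLeaks attacks, ~50 Gbit/s in several
# other flooding attacks that year, ~70 Gbit/s for the largest of 2010.
PROTEST_PEAK_GBPS = 5.0
FLOOD_PEAK_GBPS = 50.0
LARGEST_2010_GBPS = 70.0


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch second the flow record covers (assumed layout)
    src_ip: str    # source address of the flow
    nbytes: int    # bytes sent towards the target during that second


def peak_gbps(flows, window=1):
    """Peak bit rate towards the target over a sliding window of `window` seconds."""
    per_sec = defaultdict(int)
    for f in flows:
        per_sec[f.ts] += f.nbytes
    if not per_sec:
        return 0.0
    lo, hi = min(per_sec), max(per_sec)
    best = 0
    for start in range(lo, hi + 1):
        best = max(best, sum(per_sec.get(start + i, 0) for i in range(window)))
    return best * 8 / window / 1e9


def distinct_sources(flows):
    """Number of distinct source IPs seen, the article's second size metric."""
    return len({f.src_ip for f in flows})


def characterize(flows):
    """Place an attack against the article's reference points."""
    gbps = peak_gbps(flows)
    if gbps >= FLOOD_PEAK_GBPS:
        scale = "massive flood"
    elif gbps >= PROTEST_PEAK_GBPS:
        scale = "protest-scale"
    else:
        scale = "small"
    return {"peak_gbps": round(gbps, 3), "sources": distinct_sources(flows), "scale": scale}


# Constructed sample (RFC 5737 documentation ranges): 300 sources, each
# sending 2 MB/s for three seconds, i.e. a few hundred participants.
DOC_NETS = ("192.0.2", "198.51.100")
SAMPLE = [Flow(1000 + t, f"{DOC_NETS[i // 250]}.{i % 250}", 2_000_000)
          for t in range(3) for i in range(300)]
```

With the sample above, `characterize(SAMPLE)` reports a 4.8 Gbit/s peak from 300 sources, the same order of magnitude the article attributes to the retaliatory attacks.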
But while the WikiLeaks attacks were easily blocked by most targets, that doesn't mean DDoS attacks aren't a serious threat to the Internet.
"The majority of attacks we see can be dealt with," Labovitz said, "but there are professionals with financial motives who are putting a lot of time and money into very sophisticated DDoS attacks." He hesitated to assign specific motives for such high-end attacks, although some, he said, were clearly extortion attempts against ISPs and companies.
"While the WikiLeaks and retaliatory attacks may not represent the start of 'cyberwar' ... the trend towards militarization of the Internet and DDoS used as means of protest, censorship, and political attack is cause for concern," he wrote on Arbor's blog. "DDoS fueled by the growth of professional adversaries, massive botnets and increasingly sophisticated attack tools poses a real danger to the network and our increasing dependence on the Internet."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His e-mail address is email@example.com.