Akamai now says it was targeted by DDoS attack

Computerworld - Akamai Technologies Inc. said today that problems it experienced yesterday morning were caused by a "sophisticated" and large-scale attack aimed at specific Akamai customers, not by a global attack (see story).
In a statement released this morning, Akamai also said the impact of the distributed denial-of-service (DDoS) attack had been overstated. According to Akamai, less than 1% of the company's 1,100 customers "had a significant impact affecting more than 20% of their users."
Overall, only 4% of Cambridge, Mass.-based Akamai's customer base was affected by the Domain Name System problems, with "noticeable impact" being restricted to 2%.
The attack "resulted in delays in DNS name resolutions and, in some cases, timed-out DNS requests," the company said.
The company detected the attack via its automated monitoring systems and worked with several network partners around the world to fix it, Akamai said. Federal law enforcement agencies are now investigating the incident.
Despite the slowdown, "the attack did not cause an outage in Akamai services, as Akamai continued to serve both DNS requests and Web site content for customers throughout the period of the attack," Akamai said.
Several large customers of Akamai suffered performance degradations yesterday morning as a result of the problems related to Akamai's DNS systems. Keynote Systems Inc., a San Mateo, Calif.-based third-party Web site performance measurement firm, said that in some cases, availability of affected sites dropped to near zero for a brief period.
Microsoft Corp., Yahoo Inc. and Google Inc. yesterday confirmed performance issues on their Web sites as a result of the attack, but they didn't elaborate.
"The attack appears to have been very targeted at Akamai, and we have observed no scatter at this point," said Johannes Ullrich, chief technology officer at the Bethesda, Md.-based SANS Institute's Internet Storm Center.

The sheer size of Akamai's Content Delivery Network (CDN), which comprises thousands of globally distributed servers, initially made it seem unlikely the company was the victim of a DDoS attack, Ullrich said. "An attacker would require not only a very large number of zombie systems for such an attack, but they would also have to be placed at the right locations" to be effective, Ullrich said.
The latest statement from Akamai indicates that it wasn't the CDN that was targeted, but Akamai's enhanced DNS service, which consists of only a few dozen servers, Ullrich said. "Unlike the CDN, these systems will only act as backup DNS servers and not serve any Web content. Given that we have observed botnets with hundreds of thousands of hosts in