Q&A: Tom Leighton, chief scientist at Akamai
He talked about the nature of yesterday's apparent DDoS attack
June 16, 2004 12:00 PM ETComputerworld -
Akamai Technologies Inc. said today that the Domain Name System problems it encountered yesterday were the result of a sophisticated and targeted distributed denial-of-service attack against the company. In an interview with Computerworld, Tom Leighton, the company's chief scientist, talked about what happened.
What was the nature of the yesterday's attack? It was a name server attack against four of our customers for whom we carry their name servers. Our assumption was this was an attack against Akamai and it was perpetrated by attacking our customer name service infrastructure. It is not impossible that this was a coordinated attack against those four Web sites. Akamai has a lot of key customers, and it could just be a coincidence that the four happened to be Akamai customers. [But] we are assuming it was an attack against Akamai.
Why were only four major customers affected? Actually, we had more than those four customers impacted. About 4% of our customer base [of about 1,100 customers] had the potential to be impacted by it. Half of them did not have any noticeable impact. There was a set of servers that experienced the brunt of the attack. The servers did not go down, but their ability to perform was severely hampered. They were giving out valid information, but for a small subset of customers, the performance was not there.
Has the source of the attack been identified and the attack traffic stopped? That's information that we are sharing with the authorities. But the attack traffic has been eliminated.
What's happened since the attack? We've had a chance to analyze the attack. We have put out several additional defensive mechanisms in place because there is a security concern. Going forward, we are continuing to place additional mechanisms in place. DNS is a critical component of the Internet and in general one of the most vulnerable. We've put a lot into securing our name server infrastructure. We have learned from this incident.
Is there any indication that someone with inside knowledge could have been responsible? It was sophisticated and very large-scale, but it did not require insider knowledge. We have no reason to believe an insider was involved.
Could the incident have been caused by an internal technology problem? Our systems performed normally, as they are designed to perform. It is because of this that it didn't impact more of our customer base.
Security
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
