Akamai Attack Reveals Increased Sophistication

Computerworld - An attack last week against Akamai Technologies Inc. demonstrated the disruption of key Web site activity that a well-placed assault on the Internet's Domain Name System can cause.
The incident also revealed a troubling capability on the part of hackers to target core Internet infrastructure technologies, security experts said.
Several major customers of Akamai's DNS hosting services, including Microsoft Corp., Yahoo Inc. and Google Inc., suffered brief but severe Web performance slowdowns on June 15 as a result of a large-scale attack on Akamai's DNS servers. Keynote Systems Inc., a San Mateo, Calif.-based third-party Web site performance measurement firm, said that in some cases, availability of affected sites dropped to nearly zero for a brief period.
Microsoft, Yahoo and Google confirmed that their Web sites suffered performance problems but deferred further comment to Akamai.
Cambridge, Mass.-based Akamai initially blamed a widespread Internet attack. But Chief Scientist Tom Leighton subsequently said that the company appeared to have been the victim of a targeted distributed denial-of-service attack (DDoS) that affected about 50 of its roughly 1,100 customers.
"Our assumption was this was an attack against Akamai and it was perpetrated by attacking our customer name service infrastructure," Leighton said, referring to the DNS.
The question of what went wrong at Akamai is important because of the nature of the attack, security experts said. The DNS is a critical component of the Internet because it maps Web names to IP addresses.
The fact that the attackers were successful in finding these systems and then compromising them at a company that specializes in protecting the DNS infrastructure is another key concern. Also important is that the attack simultaneously disrupted service - however briefly - at some of the largest Web sites in the world.
Alternative Scenarios
Some security experts, however, said a DDoS attack is unlikely to have been the cause of the problem simply because of the amount of bandwidth an attacker would have needed to overwhelm an operation such as Akamai's.

"Akamai is not a two-bit operation. These guys are designed to stay up. They are huge and well distributed, so it doesn't add up," said Bruce Schneier, chief technology officer at Counterpane Internet Security Inc. in Mountain View, Calif. "My guess is that it [was] some kind of an internal failure within Akamai or maybe a targeted attack against them by someone with insider knowledge and access."
Moreover, there was no suspicious Internet traffic or DNS patterns to suggest that such a massive and distributed attack had taken place, said Craig