Tales of Eastern European cyber-criminals amassing an army of ‘zombie’ computers, all bent on overwhelming some innocent online business's IT systems with a distributed denial of service (DDoS) attack, are now part of IT lore.
The equivalent of 1920s mobsters, they are the source of dreaded emails that read something like: "Your web server just had a 17 hour ‘accident’; unless you pay up, it will have another one soon." And like all the best extortion rackets, once the victim has paid, the price and the frequency of the demands rise.
The danger is that many businesses think this is only pub-talk, that only a tiny minority of high-profile companies and public sector organisations are targeted.
Those policing the Internet think differently: they have seen the frequency of DDoS attacks rising at an alarming rate. And while extortion might not always be the motive, the effects of an attack can be just as devastating if it has come from a disgruntled ex-employee, a political activist or simply a university undergraduate trying to demonstrate their prowess.
One IT consultant Information Age spoke to recently outlined how his client, a respected law firm, had had its email gateway taken out for almost two days. There was no warning, no demand. But customer communication was badly affected and clearing up after the attack was a nightmare. The client had attempted to filter out attack traffic and had also switched IP addresses, leaving it little idea of what genuine traffic had been lost.
Few businesses have invested in protecting themselves against what they see as the unquantifiable risk of DDoS attacks. In fact, the decision between investing in protection and paying off the attackers has, for some, been a tough call. There is plenty of evidence to suggest that extortion demands are set so that they come in below the ‘competitive’ market rate for the software, monitoring services and extra bandwidth that it takes to fight a DDoS attack.
But increasingly, users are coming to the conclusion that this really should be someone else's problem. Blue-chip user group the Information Security Forum believes that protection from DDoS attacks can only come from the network operators: they are in the best position to see when attacks are happening, as they are the carriers of the attack traffic. They are also best placed to trace attacks, and cut them off at source.
There are signs that the operators are taking up the challenge. The Fingerprint Sharing Alliance is a multi-vendor effort to spot attacks, and help those within the alliance to deal with the threats.
Such counter-measures are just the beginning. Like many other aspects of security, the elimination of DDoS attacks will take a concerted effort.
Editor: Kenny MacIver