Government // Cybersecurity
News
11/27/2012
11:22 AM
Connect Directly
RSS
E-Mail
50%
50%

Bank DDoS Strikes Could Presage Armageddon Attacks

DDoS attack traffic could overwhelm not just targeted websites, but also every intervening ISP, warns Arbor Networks.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
Individual distributed denial-of-service (DDoS) attacks could soon take down not just one site, but any intervening service providers.

The warning over the feasibility of this type of so-called DDoS "Armageddon attack," that could "not only overwhelm the end victim but also all the Internet providers in between," comes via Carlos Morales, VP for global sales engineering and operations at Arbor Networks. His analysis is based on the characteristics of the DDoS attacks launched against U.S. banks in September and October of this year.

What's alarming is that even though the attackers announced the exact date and time that they would be launching their attacks, as well as their targets, the targeted financial institutions were unable to prevent their websites from being disrupted.

Bank officials and DDoS experts have both said that the sheer scale of the attacks was to blame. Attackers had apparently compromised servers -- most likely at service providers -- that were able to support high-bandwidth attacks. Together with blended attack techniques, attackers overwhelmed every one of their targets.

In part, that's thanks to the "itsoknoproblembro" DDoS toolkit also used in some of the attacks, which maintained sustained packet floods peaking at 70 Gbps and 30 million packets per second, reported Prolexic Technologies. As a result, even financial institutions with state-of-the art networks couldn't maintain site availability. "Most enterprise and government data centers have no more than 10 Gbps [of bottleneck] with some ranging slightly higher than this," said Morales in a blog post.

[ Hackers stole 3.3 million businesses' bank details and 1.9 million social security numbers from S.C. Learn How South Carolina Failed To Spot Hack Attack. ]

Thankfully, the bank attacks have ceased, and the group claiming responsibility -- the Cyber fighters of Izz ad-din Al qassam, has been silent since October 23, 2012, when it announced that it was planning a break in honor of the Muslim Eid al-Adha holiday.

Still, the effectiveness of those banking website disruptions has many government officials spooked. Last month, notably, Secretary of Defense Leon Panetta pointed to the DDoS attacks as evidence that the nation's critical infrastructure remains all too vulnerable to being hacked. "In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called 'distributed denial-of-service' attacks," he said. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed was unprecedented."

According to Arbor Networks, however, larger attacks have been seen -- both this year and last. Compared with the 70-Gbps peaks in the bank attacks, Arbor reported seeing 101.4 Gbps (in 2011) and 100.8 Gbps (in 2012) attacks. Furthermore, in comparison to the bank attacks peaking at 30 million packets per second, Arbor has seen attacks of 139.7 million (2011) and 82.4 million (2012) packets per second.

As that suggests, the difficulty of generating large-scale attacks has been decreasing. Again, the bank attackers used compromised, high-bandwidth servers -- but botnets are another possibility. For example, Morales said that some botnets have one million infected -- a.k.a. zombie -- PCs at their disposal. "Assuming an average of 1 Mbps worth of upstream access per host, a conservative estimate -- based on the number of broadband subscribers, 4G and 3G users deployed [around] the world -- [means] a 1-million-host botnet could generate an attack of 1 Tbps. Now, what if this botnet and multiple other large botnets attack at the same time?"

The attack volumes theoretically now available would make it possible for attackers to disrupt not just their targets, but every service provider in between. "Service providers have a lot of bandwidth throughout their network, but there are limits to how much traffic they can handle," said Morales. "Attacks of that magnitude described would have profound effect on the Internet as a whole, exploiting bottlenecks in many places simultaneously. No single service provider, even the largest tier ones, would be able to handle all this traffic without adversely affecting their user base."

Thankfully, however, no such attacks have been seen. "Is this possible? It certainly seems so," said Morales. "Is it likely? It doesn't seem so since it would affect everyone on the Internet and not just a single victim. That said, many attacks that didn't seem likely before are now becoming commonplace as motivations have shifted."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
kburg070
50%
50%
kburg070,
User Rank: Apprentice
11/28/2012 | 7:26:08 PM
re: Bank DDoS Strikes Could Presage Armageddon Attacks
The financial crisis showed how interconnected/interdependent banks are financially. It's obviously not any different from a security standpoint. The challenge has been getting banks to work together to ID and fight these kinds of threats, which they have been reluctant to do (collaborate).
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
11/28/2012 | 1:13:23 PM
re: Bank DDoS Strikes Could Presage Armageddon Attacks
1 Tbps attacks? Wow. No single enterprise could withstand that. In fact, as you point out, an attack of that size could cripple service providers as well.
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July10, 2014
When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.