Bank DDoS Strikes Could Presage Armageddon Attacks - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Bank DDoS Strikes Could Presage Armageddon Attacks

DDoS attack traffic could overwhelm not just targeted websites, but also every intervening ISP, warns Arbor Networks.

Who Is Hacking U.S. Banks? 8 Facts
Who Is Hacking U.S. Banks? 8 Facts
(click image for larger view and for slideshow)
Individual distributed denial-of-service (DDoS) attacks could soon take down not just one site, but any intervening service providers.

The warning over the feasibility of this type of so-called DDoS "Armageddon attack," that could "not only overwhelm the end victim but also all the Internet providers in between," comes via Carlos Morales, VP for global sales engineering and operations at Arbor Networks. His analysis is based on the characteristics of the DDoS attacks launched against U.S. banks in September and October of this year.

What's alarming is that even though the attackers announced the exact date and time that they would be launching their attacks, as well as their targets, the targeted financial institutions were unable to prevent their websites from being disrupted.

Bank officials and DDoS experts have both said that the sheer scale of the attacks was to blame. Attackers had apparently compromised servers -- most likely at service providers -- that were able to support high-bandwidth attacks. Together with blended attack techniques, attackers overwhelmed every one of their targets.

In part, that's thanks to the "itsoknoproblembro" DDoS toolkit also used in some of the attacks, which maintained sustained packet floods peaking at 70 Gbps and 30 million packets per second, reported Prolexic Technologies. As a result, even financial institutions with state-of-the art networks couldn't maintain site availability. "Most enterprise and government data centers have no more than 10 Gbps [of bottleneck] with some ranging slightly higher than this," said Morales in a blog post.

[ Hackers stole 3.3 million businesses' bank details and 1.9 million social security numbers from S.C. Learn How South Carolina Failed To Spot Hack Attack. ]

Thankfully, the bank attacks have ceased, and the group claiming responsibility -- the Cyber fighters of Izz ad-din Al qassam, has been silent since October 23, 2012, when it announced that it was planning a break in honor of the Muslim Eid al-Adha holiday.

Still, the effectiveness of those banking website disruptions has many government officials spooked. Last month, notably, Secretary of Defense Leon Panetta pointed to the DDoS attacks as evidence that the nation's critical infrastructure remains all too vulnerable to being hacked. "In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called 'distributed denial-of-service' attacks," he said. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed was unprecedented."

According to Arbor Networks, however, larger attacks have been seen -- both this year and last. Compared with the 70-Gbps peaks in the bank attacks, Arbor reported seeing 101.4 Gbps (in 2011) and 100.8 Gbps (in 2012) attacks. Furthermore, in comparison to the bank attacks peaking at 30 million packets per second, Arbor has seen attacks of 139.7 million (2011) and 82.4 million (2012) packets per second.

As that suggests, the difficulty of generating large-scale attacks has been decreasing. Again, the bank attackers used compromised, high-bandwidth servers -- but botnets are another possibility. For example, Morales said that some botnets have one million infected -- a.k.a. zombie -- PCs at their disposal. "Assuming an average of 1 Mbps worth of upstream access per host, a conservative estimate -- based on the number of broadband subscribers, 4G and 3G users deployed [around] the world -- [means] a 1-million-host botnet could generate an attack of 1 Tbps. Now, what if this botnet and multiple other large botnets attack at the same time?"

The attack volumes theoretically now available would make it possible for attackers to disrupt not just their targets, but every service provider in between. "Service providers have a lot of bandwidth throughout their network, but there are limits to how much traffic they can handle," said Morales. "Attacks of that magnitude described would have profound effect on the Internet as a whole, exploiting bottlenecks in many places simultaneously. No single service provider, even the largest tier ones, would be able to handle all this traffic without adversely affecting their user base."

Thankfully, however, no such attacks have been seen. "Is this possible? It certainly seems so," said Morales. "Is it likely? It doesn't seem so since it would affect everyone on the Internet and not just a single victim. That said, many attacks that didn't seem likely before are now becoming commonplace as motivations have shifted."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll