Answers to your questions about massive cyberattack

Mar 29, 2013 by Troy Wolverton

Here are some answers to questions about perhaps the biggest cyberattack ever, which recently targeted Spamhaus, an anti-spam group based in Geneva and London. It ended up slowing down or blocking access to numerous Internet sites.

QUESTION: Over what period did the attack occur?

ANSWER: It began on the evening of March 15 and appears to have ended March 26.

Q: What kind of attack was it?

A: It was a type of "distributed denial-of-service" attack, or DDoS. In such attacks, Internet-connected computers are hijacked, usually to send bits of data to a particular company's servers. The aggregate overwhelms the company's servers, essentially making it impossible for other Internet users to connect to them.

Q: What was different about this attack?

A: Many past DDoS attacks involved "botnets." Those are groups of consumer or business PCs that have been compromised and assembled into a network that sends requests directly to a targeted site, often without their owners' knowledge. In this case, though, the attack used misconfigured Domain Name System (DNS) servers. These are the computers that translate the Web and email addresses we type into their actual numerical addresses.

The attackers sent to the misconfigured DNS servers requests for information that pretended to be from Spamhaus. Spamhaus was eventually overwhelmed by the traffic.

Q: Why did the attack affect sites other than Spamhaus?

A: Spamhaus turned to CloudFlare, a San Francisco-based Internet security company, for help. After CloudFlare got Spamhaus back online, the attackers turned their attention first to CloudFlare and then to the network operators upon which CloudFlare depends for bandwidth and the Internet exchanges through which data to CloudFlare flows. Traffic from the misconfigured DNS servers started to fill up those networks and exchanges. In some cases, that traffic from the overwhelmed other, flowing through those networks and exchanges.

Q: How big was the attack?

A: At the time that Spamhaus turned to CloudFlare, the attack was sending 10 gigabits per second of data to Spamhaus. At the peak of the attack, it was generating 300 gigabits per second of traffic.

Q: Who was affected by the attack?

A: The attack appears to have largely affected Internet users in Europe and some parts of Asia. It's not known precisely how many people or websites were affected.

Q: Who was behind the attack and why?

A: The perpetrators of the attack aren't yet known. Because they were able to mask their identities to the DNS servers, they could be hard to trace.

Q: What can be done to prevent future attacks?

A: Regular Internet users are basically powerless to prevent the type of attack that hit Spamhaus. They can, however, prevent their computers from being hijacked for botnet-style DDoS attacks by using antivirus software and keeping it up to date.

People who have their own Internet servers for their business or personal use can check to see if they are configured properly to prevent the DNS attack. The Open DNS Resolver Project at OpenResolverProject.org allows users to plug in their server's address to find out whether it has been configured properly.
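For server operators, the check described above comes down to one question: does the server perform recursive lookups for strangers? The following Python sketch is an added example, not part of the original article or of the Open DNS Resolver Project; the function names, result labels and sample replies are assumptions made for illustration, and the test name must be one the server is not authoritative for.

```python
import socket
import struct

def build_query(name, qid, qtype=1):
    """DNS query for an A record with the RD (recursion desired) flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_response(resp, qid):
    """Judge a reply to a recursive query for a name the server is NOT authoritative for."""
    if len(resp) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:      # wrong transaction ID or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5 or not flags & 0x0080:      # REFUSED, or RA (recursion available) clear
        return "restricted"
    if flags & 0x0400:                        # AA set: server owns this name, pick another
        return "inconclusive"
    if rcode == 0 and ancount > 0:            # recursed for an outsider and returned data
        return "open"
    return "inconclusive"

def check_server(server_ip, name, timeout=3.0):
    """Send one query over UDP to a server you operate; run it from an outside network."""
    qid = 0x4242
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server_ip, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no-response"
    return classify_response(resp, qid)

# Constructed sample replies (not captured traffic) to a query for example.com, ID 0x1234.
QUESTION = build_query("example.com", 0x1234)[12:]
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUESTION + ANSWER
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUESTION
```

A result of "open" from an outside network means the server will answer recursive queries for anyone and should have recursion limited to its own clients.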
