Answers to your questions about massive cyberattack

Mar 29, 2013 by Troy Wolverton

Here are some answers to questions about perhaps the biggest cyberattack ever, which recently targeted Spamhaus, an anti-spam group based in Geneva and London. It ended up slowing down or blocking access to numerous Internet sites.

QUESTION: Over what period did the attack occur?

ANSWER: It began on the evening of March 15 and appears to have ended March 26.

Q: What kind of attack was it?

A: It was a type of "distributed denial of service," or DDoS. In such attacks, Internet-connected computers are hijacked, usually to send bits of data to a particular company's . The aggregate overwhelms the company's servers, essentially making it impossible for other Internet users to connect to them.

Q: What was different about this attack?

A: Many past DDoS attacks involved "botnets." Those are groups of consumer or business PCs that have been compromised, often without their owners' knowledge, and assembled into a network that sends requests directly to a targeted site. In this case, though, the attack used misconfigured domain name system (DNS) servers. These are the computers that translate the Web and email addresses we type into their actual numerical addresses.

The attackers sent the misconfigured DNS servers requests for information that pretended to be from Spamhaus. The servers sent their replies to Spamhaus, which was eventually overwhelmed by the traffic.

Q: Why did the attack affect sites other than Spamhaus?

A: Spamhaus turned to CloudFlare, a San Francisco-based Internet security company, for help. After CloudFlare got Spamhaus back online, the attackers turned their attention first to CloudFlare and then to the network operators upon which CloudFlare depends for bandwidth and the Internet exchanges through which data to CloudFlare flows. Traffic from the misconfigured DNS servers started to fill up those networks and exchanges. In some cases, that traffic overwhelmed other traffic flowing through those networks and exchanges.

Q: How big was the attack?

A: At the time that Spamhaus turned to CloudFlare, the attack was sending 10 gigabits per second of data to Spamhaus. At the peak of the attack, it was generating 300 gigabits per second of traffic.

Q: Who was affected by the attack?

A: The attack appears to have largely affected Internet users in Europe and some parts of Asia. It's not known precisely how many people or websites were affected.

Q: Who was behind the attack and why?

A: The perpetrators of the attack aren't yet known. Because they were able to mask their identities to the DNS servers, they could be hard to trace.

Q: What can be done to prevent future attacks?

A: Regular Internet users are basically powerless to prevent the type of attack that hit Spamhaus. They can, however, prevent their computers from being hijacked for botnet-style DDoS attacks by using antivirus software and keeping it up to date.

People who have their own Internet servers for their business or personal use can check to see if they are configured properly to prevent the DNS attack. The Open DNS Resolver Project at OpenResolverProject.org allows users to plug in their server's address to find out whether it has been configured properly.
