Web Sites Suffer Cyber Attacks
By Michael Connolly
This week saw numerous reports of the widespread cyber attacks that overwhelmed government and other web sites in the United States and South Korea over the holiday weekend. Although security agencies haven’t been able to definitively identify the attackers, there has been unofficial finger-pointing towards North Korea.
While Treasury Department and Federal Trade Commission web sites were shut down for extended periods, other government web sites like WhiteHouse.gov and DefenseLINK were able to weather the storm relatively unscathed. The uneven response set alarm bells ringing and underscored how difficult it is to ward off coordinated and multi-pronged attacks.
How do these cyber attacks work and what are the goals of the attackers? This particular type of assault is known as a "denial-of-service" attack. Think about what would happen if you and everyone you know tried to call the same restaurant over and over and order things you didn't even want. You would jam the phone lines and overwhelm the kitchen to the point that it couldn't take any more orders. That's basically what happens to web sites when they are hit with denial-of-service attacks. They're knocked offline by too many junk requests from computers controlled by the attackers.
To orchestrate the attack, the bad guys use "botnets," or networks of "zombie" personal computers that have been infected with a virus. The virus lets the attackers remotely control the machines, which are programmed to contact certain web sites over and over until they overwhelm the host servers. The servers become too busy to respond to anything and the web site slows or stops working altogether.
The weekend attack was thought to involve as many as 60,000 computers, most of them owned by innocent individuals like you and me. These computers could have been infected through e-mail or by visiting a certain web site, with the virus lying dormant until triggered by a date change or some other timing device. In most cases, the computer owners would be completely unaware they were part of the botnet, perhaps just noticing a slowdown in processing power as their machine devoted resources to the attack.
Popular web sites, like e-commerce and banking sites, have a lot of experience dealing with denial-of-service attacks, and they have sophisticated software designed to identify malicious traffic. Security experts have referred to these attacks as being “noisy,” to distinguish them from the more subtle attempts of individual hackers to infiltrate a web site and hijack confidential information.
Which leads us to the vexing question of why North Korea or anyone else would instigate such a massive attack. Perhaps they were testing the preparedness of the U.S. to cope with an even larger attack that could cripple our military defenses or shut down economic activity. Perhaps they are just making a statement about the vulnerability of western democracy. Whatever the reason, they certainly got everyone’s attention, and the U.S. government and commerce will redouble their efforts to prevent a repetition.