Pierluigi Paganini
May 26, 2012
The UK’s companies 123-reg, the biggest domain provider, was hit this week by a “massive” DDoS attack that caused interruption of the services provided.
The company hosts three million domain names and more than 1.4 million sites. According a press published on the company web site, later removed, the attack came from a Chinese source on Wednesday morning.
In a statement reported on the 123-reg service status page the company blamed attackers in China:
From 11:30 to 22:50 our network was undergoing a massive distributed denial of service attack from China. Due to the nature and size of this attack the firewall systems in place needed to be reconfigured to block the bad traffic and allow the good traffic through.
The attack has lasted the entire day, but the company prompted reply reconfiguring its network defense system to mitigate the problem.
The CEO of 123-reg , Thomas Vollrath, has declared:
“As the largest domain provider in the UK, and coupled with the increase of these types of attacks across Europe in particular, we know we are a prime target. We are still in the process of resolving this,”
The CEO also reassured customers claiming that the company has the technical means to cope with this type of cyber threats that are becoming increasingly frequent.
“Our network of back-up servers ensured we were able to move our traffic across very quickly,” he wrote.
The success of these attacks against service provider, which should be prepared to face them, demonstrates their effectiveness and their potential destructive. Sometimes the size of a DDoS attack can temporary overwhelm every defense system.
What is strange is the company has removed all references to the attack from its support pages, another interesting particular is that it is not the first time that a UK company was hit by similar attack, it’s already happened a month ago with another big UK service provider, the UK2.net.
What might be the reasons for such an attack? Hard to say without having additional information, the company may have been attacked because it offers services to some company or organization, or it may be the victim of an attack by competitors. In this case the Chinese origin does not provide additional elements of judgment and I doubt a direct involvement of government in Beijing.
We all know the huge potential of China on cyber espionage and cyber warfare, whose aggressive policy has offended repeatedly private Western companies.
The news circulated immediately after the attack on the Asian source ohas raised some controversy. Many are convinced that the operation was a government cyber attack , it is likely but in the absence of evidence it is useless to spread the word misleading. I refer of course to the media and not the company that handled the event well.
An attack from China is not necessarily attributable to the government, the nation now houses the major number of mobile devices in the world, a cyber threats such as a botnet could benefit from the presence of so many smartphones.
In a time when many have accused the Chinese government of its cyber strategy too aggressive, unfounded rumors such as this could complicate the difficult dialogue with Beijing.
Last year we have observer an impressive grow of distributed denial-of-service (DDoS) attacks mainly related to operations arranged by group of hacktivists such as Anonymous, they will continue into 2012 with a sensible increase of attacks related to cybercrime. According the Verizon report on cybercrime, hacktivism is one of the most dangerous phenomenon, and DDoS attacks are their typical attack mode, for this reason we will observe an impressive grow also supported by the worldwide spread of botnets. Regarding the attacked platforms we are observing a growing interest in the Mac world, it is expected a growth of OS X botnets able to perform DDoS attacks.
Other sensible contributions to the increment of this type of attacks are provided by the usage of mobile phones and devices as launch platform and also to imminent diffusion of IPV6 protocol.
We must also consider that DDoS attacks are largely used in warfare operations against enemy governments. Group of hackers are also engaged to attacks sensible targets with the intent make unusable services provided by agencies and institutions.It is happened earlier this year, when Israel has been victim of a true escalation in cyberwar, not identified attackers have in fact pulled down two principal national web sites, the Tel Aviv Stock Exchange and El Al, the national airline. Again financial istitution under attacks.
DDoS attacks are even more dangerous when they are used in conjunction with other types of offense. DDoS attacks are used as a diversionary strategy to distract opposing defenses from the real intent of the attackers. Precisely this strategy was occasionally adopted by organized criminals using botnets to paralyzed target defense systems and then proceed undisturbed in the development of fraud.
Pierluigi Paganini
