On the 2nd of July some of the more prolific amongst you will have noticed that WebEden went offline for a few hours. We were subjected to a massive Distributed Denial of Service (DDoS) attack. Our servers were attacked from many different hijacked PCs across the Internet all at the same time, which deluged our site with thousands of requests. Our firewalls had a hard time defending from all angles. And this was despite the fact that we had some very beefy firewalls, to defend against just this sort of thing.
Since then we’ve added plenty of extra beef. We’ve re-beefed, you might say.
Well, on the 6th of August Twitter proved that it wasn’t above attack either. And it also proved that its firewalls couldn’t cope. The DDoS attack hobbled Twitter for all its 45 million users, and took down Facebook and LiveJournal too. The difference with this attack is that it has security experts stumped.
“These attacks do not make sense. In the last few years, we have seen the criminals build systems to make money and not get caught,” said Cisco fellow and chief security researcher Patrick Peterson on the BBC dotLife blog.
“Now we see them making a big splash with this attack which is of no benefit. It does not put a single dollar in their pocket and it exposes them to the risk of being caught,” he continued.
What specifically happened in Twitter’s case was that the attack masterminds unleashed a tidal wave of spam email onto the site, which infiltrated it and other sites too.
The first recorded DDoS attack was over 10 years ago, and big-name (and small-name!) sites have been defending against them ever since. AOL and Register.com were early victims back in 2001. The most recent incident involved the websites of the Iranian government, the focus of foreign activists in opposition to June’s presidential election.
Mr Peterson said to the BBC: “If you go hunting, you want to bag the head of the biggest and fiercest beast to show your strength,”
“So ten years ago, we saw the biggest names on the internet like Microsoft, Yahoo and Amazon get attacked because they were the marquee brands of the day. Today, they are going after Twitter and Facebook for the same reason.”
Despite these DDoS ‘successes’, this type of attack is now seen as outmoded in the criminal world.
“You have to be brave or stupid to have attacks this brazen with law enforcement being more active in the realm of cybercrime. There is a serious risk of being caught,” said Mr Peterson.
John Harrison from Symantec told CNET.com: “Organised crime and other groups have gone off to other things. It’s more lucrative for them to use the internet, not to take the internet away.”
As to who was behind the attack, there is still some confusion. Some people are vaguely suggesting ‘a Georgian blogger’.
The key to blocking DDoS attacks is to use techniques that can distinguish PCs that are sending 1000s of site requests per minute from those that are making just the ‘normal’ 3 to 4.
However, since the requests are coming in from thousands of IP addresses worldwide, you can’t simply block all of them, since many of those IPs will belong to legitimate users.
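As an added illustration (not part of the original post), here is a per-source sliding-window counter that flags only the IPs whose request rate is far above normal, rather than blocking every address seen during an attack. The 1000-per-minute threshold, the names used and the sample traffic are all assumptions constructed for this example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # the post talks about requests per minute
THRESHOLD = 1000      # assumed cut-off; the post only says "1000s" versus "3 to 4"


class RateClassifier:
    """Sliding-window request counter keyed by source IP (hypothetical helper)."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.hits = defaultdict(deque)  # ip -> timestamps still inside the window
        self.flagged = {}               # ip -> peak request count seen in one window

    def observe(self, ts, ip):
        """Record one request; return True if this source is over the threshold."""
        q = self.hits[ip]
        q.append(ts)
        # Drop requests that have aged out of the window.
        while q and q[0] <= ts - self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.flagged[ip] = max(self.flagged.get(ip, 0), len(q))
            return True
        return False


def build_sample_traffic():
    """Constructed sample: two flooding sources and three ordinary visitors over 2 minutes."""
    events = []
    for ip in ("198.51.100.7", "198.51.100.8"):
        # Roughly 2000 requests per minute each (one every 0.03 s).
        events += [(i * 0.03, ip) for i in range(4000)]
    for n, ip in enumerate(("203.0.113.10", "203.0.113.11", "203.0.113.12")):
        # 4 requests per minute each.
        events += [(n + i * 15.0, ip) for i in range(8)]
    return sorted(events)


def classify(events, **kw):
    """Feed time-ordered (timestamp, ip) pairs through a RateClassifier."""
    rc = RateClassifier(**kw)
    for ts, ip in events:
        rc.observe(ts, ip)
    return rc


if __name__ == "__main__":
    rc = classify(build_sample_traffic())
    for ip, peak in sorted(rc.flagged.items()):
        print(f"{ip}: peak {peak} requests in {rc.window}s -> rate-limit")
    print("left alone:", sorted(set(rc.hits) - set(rc.flagged)))
```

Only the two flooding addresses end up in `flagged`; the visitors making 4 requests a minute are counted but never cross the threshold.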
One thing is clear: Twitter too needs to beef up their security, because there will certainly be more of these attacks. And following last month’s hack of confidential Twitter data, that’s 2 jobs that Twitter’s security team need to get busy with.
“But this is a trend. And I think a lot of people who view DDoS attacks as fun will look at all the media attention and it will invite more criminals to try their hand at it,” warned Mr Peterson.
Did you notice Twitter’s downtime? Were you affected? Leave us a comment below.