Thursday, August 18, 2011

WikiLeaks: What is a distributed denial of service attack?

The websites of Visa, MasterCard and Amazon have been targeted by a group of online activists known as Anonymous, causing the sites to crash. But what is a denial of service attack? Why is it illegal, and how easy is it to carry one out?

Distributed denial of service attacks are illegal in the UK, under the terms of the Police and Justice Act 2006. Photo: CLARE KENDALL

The current technical assault on the websites of Amazon, Visa and MasterCard is known as a distributed denial of service attack. This technique uses a network of tens of thousands of compromised computers, known as a "botnet", to flood a website's servers with page view requests, leaving legitimate traffic unable to get through. This huge number of connection requests can quickly overwhelm a server and, in some cases, cause an entire website to crash.

In order to add computers to a botnet, hackers must first gain control of each machine. They achieve this by exploiting vulnerabilities within the computer's operating system to install malicious software that provides them with always-on, remote access to the PC.

Building a botnet is the time-consuming part, so much so that enterprising cyber criminals will even "lease" botnets to one another for spur-of-the-moment attacks.

Once a machine has been compromised, it can be called into action by the hacker at a moment's notice. Security experts at McAfee estimate that between March and July of this year, 14 million computers worldwide were enslaved by botnets. All the hacker needs to do is run a small program that communicates with all the computers they control, which can then command those computers to start dialling out across the internet to a specific server or website. The aim is to flood servers with tens of thousands of page view requests in a short period of time, paralysing the network.

Distributed denial of service attacks are illegal in many countries, including the UK. Under the terms of the Police and Justice Act 2006, it is illegal to impair the operation of any computer, to prevent or hinder access to any program or data held in any computer, or impair the operation of any program or data held in a computer, with “requisite intent” and “requisite knowledge”.

The penalty for unauthorised access to computer material is a maximum of two years’ imprisonment, while paying someone else to launch a distributed denial of service attack is punishable by up to 10 years in jail. Supplying the software or tools that can be used to launch a denial of service attack, or offering access to an existing botnet, carries a penalty of up to two years in prison.

In order to prevent your computer falling foul of hackers and being enslaved by a botnet, it's crucial that you download and install the latest software patches issued by your computer maker, use security software such as an anti-virus program on your machine, and use a firewall to manage which programs can communicate between your computer and the web.

Computers that can be a particularly soft target for hackers include machines in internet cafes, where patrons are likely to click on attachments and links from unsolicited sources, thus unwittingly installing a virus on the system, and unloved and forgotten office machines, which are perhaps not patched or maintained as well as other computers in the organisation.
