A Decade of Denial: A Historical DDoS Overview And Open Discussion

Upload: arbor-networks

Post on 08-May-2015

DESCRIPTION

Distributed Denial of Service, or DDoS, has been around since the late 1990s, but hit in a big way in Feb. 2000 when sustained attacks took down several large Web sites including Yahoo and Amazon. Since then, the techniques for DDoS have evolved to leverage different attack motivations, as well as to bypass protection measures put in place to stop these attacks. In this presentation, the history of DDoS and why it is still so prevalent today will be examined. Topics focus on attacker motivation, various threat vectors and new tools being used – and why you need to be updating your mitigation measures at the same pace.

TRANSCRIPT

Page 1: A decade of denial

A Decade of Denial: A Historical DDoS Overview And Open Discussion

Jeff Wilson

With more than 14 years in the data networking and telecom industry, and one of the most accurate forecast track records in the business, Jeff Wilson is a certifiable network security market guru. He has expertise in a wide variety of network security appliance, software, and services markets, including IPSec and SSL VPNs, firewalls, IDS/IPS, NAC, and content security (anti-x, mail security, Web security, data leak prevention).

Dan Holden

Dan Holden is the Director of ASERT, Arbor's Security Engineering and Response Team, where he leads one of the most well respected security research organizations in the industry. His teams oversee the ATLAS global security intelligence database and are responsible for threat landscape monitoring and Internet security research, including the reverse engineering of malicious code.

Rakesh Shah

Rakesh Shah is the Senior Director of Product Marketing & Strategy. He has been with the company since 2001, helping to take Arbor's products from early stage to category-leading solutions and has been dealing with DDoS attacks. His teams focus on launching Arbor’s products into the marketplace as well as developing thought leadership demonstrating Arbor’s unique network traffic management and DDoS mitigation solutions.

A Decade Of DDoS

First, we’ll highlight the major trends in DDoS attacks and demonstrate how they have grown from an inconvenience to a threat that CIA Director Leon Panetta has called “the next Pearl Harbor.”

DDoS Is Born

Summer 1996

In the Summer of 1996, an article titled, "Flood Warning," in The Hacker Quarterly, showed how a Distributed Denial of Service (DDoS) attack could be used to shut down a Web site.

DDoS Is Born

Sept. 1996

The ISP Panix is struck by a sustained DDoS attack, affecting its customers. Evidence shows that it was a direct response to the Panix program that allowed customers to block incoming emails from a list of junk bulk e-mailers.

Industry Response To DDoS Threat

Jan. 1998

RFC 2267 is published, which details how network administrators can defeat DDoS attacks via anti-spoofing measures. This will eventually become a standard best practice and be adopted by many networking vendors.

Major E-commerce Sites Attacked

Feb. 2000

A hacker, dubbed Mafiaboy, launches sustained DDoS attacks on Yahoo and eBay. He is investigated by U.S. and Canadian law enforcement after being found bragging about the attacks on IRC. The Montreal Youth Court sentences him in September, 2001 to eight months of open custody, one year of probation, restricted use of the Internet and a small fine.

Smurf Attacks

Oct. 2002

An attack lasting for approximately one hour was targeted at all 13 DNS root name servers. This was the second significant failure of the root name servers. The first caused the failure of seven machines in April, 1997 due to a technical problem.

Governments Recognize The Threat

Sept. 2003

U.S. Congress proposes legislation for cyber security requirements in private industry. It would require publicly-traded companies to report their cyber security efforts.

U.S. Government Prepared To Defend

Feb. 2007

An attack began at 10:00am UTC and lasted 24 hours. At least two of the root servers (G-ROOT and L-ROOT) lost performance while two others (F-ROOT and M-ROOT) experienced heavy traffic. ICANN published a formal analysis shortly after the event.

Due to a lack of detail, speculation about the incident proliferated in the press until details were released.

On February 8, 2007 it was announced by Network World that: “If the United States found itself under a major cyber attack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch an actual bombing of an attack source, or a cyber counterattack.” 

DDoS Becomes A Weapon Of War

Apr. 2007

The former Soviet Republic of Estonia is taken offline by a sustained DDoS attack following diplomatic tensions with Russia. A year later, attacks on Russian and Georgian Web sites are coordinated with ground offensives against Georgian territories by Russian forces. The attack effectively isolates Georgia from the Internet at large.

First High Profile Anonymous Attack

Jan. 2008

Anonymous, an Internet hacker group, launches the first in a series of high profile DDoS attacks when it floods Scientology.org with 220Mb of traffic. It was done in response to the Church of Scientology trying to take a Tom Cruise video interview off the Internet.

DDoS Goes Mainstream

2010

DDoS attacks break the 100 Gbps barrier for the first time, with attacks launched against popular Internet Service Providers (ISPs) and other well-known targets. ISPs experience a marked impact on operational expense, revenue loss and customer churn.

Hacktivism Escalates

Dec. 2010

PayPal is hit with DDoS attacks by supporters of the WikiLeaks Web site after PayPal suspends money transfers to the site. A variety of other major financial sites and credit card companies are also hit for their roles in blocking payments to the site.

Consequences Are Damaging

Apr. 2011

April 20, 2011: Intrusion detected

April 26, 2011: Customers informed

A DDoS attack on Sony is purportedly used to block detection of a data breach that led to the exfiltration of millions of customer records for PlayStation users. Around 101 million user accounts are compromised, although Sony claims credit card information was securely saved as a cryptographic code.

Governments On Alert

Jun. 2011

Speaking to the Senate Armed Services Committee, CIA Director Leon Panetta says that: “The next Pearl Harbor that we confront could very well be a cyber attack that cripples America’s electrical grid and its security and financial systems.”

DDoS Gets Political

Mar. 2012

Canada’s New Democrat Party sees its leadership election impacted by a DDoS attack that delayed voting and reduced turnout.

Governments Become Prime Targets

Apr. 2012

In a protest against “draconian surveillance proposals” and the extradition of suspects to the U.S. to stand trial, the hacker group Anonymous targets a number of government sites: the U.S. Department of Justice, the CIA and the UK Home Office.

Summary

1. In little over a decade, DDoS attacks have broken the 100 Gbps barrier.

2. First seen as an irritating interruption in service, DDoS attacks are changing in their nature.

3. Protesters are using DDoS attacks as a way of highlighting what they see as social injustices.

4. Criminals are using DDoS attacks to steal information.

5. Governments have added DDoS attacks to their weapons arsenal.

6. DDoS attacks are now seen as a major threat by governments, as well as large corporations.

Solutions Today

How have those solutions changed? What’s available today that wasn’t available 10+ years ago?

Strategies for Protecting Against DDoS

What are some practical strategies for protecting against DDoS attacks? Should these strategies change depending on your industry, business size, or the type of electronic assets you’re attempting to protect?

DDoS – Who’s Next?