December 14, 2011

DDoS Attacks

If you haven't heard by now, there are a few groups out there making the rounds hacking high-profile organizations, including Sony and the CIA. Anonymous and LulzSec have done the most damage, even though the media hype makes it seem like more than it really is. The threat and the actual attacks have not increased over time; only the public coverage and communication of them has.

Regardless of the statistics, almost all attacks upon large companies will include some form of Denial of Service attack.

Essentially, in a DDoS attack, the target computer is flooded with incoming packet requests. The actual process to achieve this, however, is much more complicated than that. It could take a very long time to properly set up for an attack of respectable size.

The hacker must first infiltrate and infect many computers, turning them into zombies, and then control them so that they also carry out the attack. This exponentially increases the number of packets being sent to the target. It's like recruiting an army of 100 to help you instead of just upgrading one single person. Even if 99 of the 100 slave computers are old and slow, it's still more effective than trying to do it yourself, or even with 4 or 5 decent, upgraded servers running the latest technology. It's also harder to trace all sources of the attack back to the same master.
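
What that difference looks like from the defender's side, as an added example (not taken from the sources cited in this post): a per-source rate limit deals with a handful of fast senders but leaves the full load in place when it arrives from many slow ones. The thresholds, function names and sample traffic are assumptions made up for the illustration.

```python
from collections import Counter

# Assumed thresholds for one measurement window (illustrative values).
PER_SOURCE_LIMIT = 100   # requests a single source may send
AGGREGATE_LIMIT = 1000   # requests the service can absorb in total


def classify_window(sources, per_source_limit=PER_SOURCE_LIMIT,
                    aggregate_limit=AGGREGATE_LIMIT):
    """Classify one window of traffic given the source IP of each request."""
    counts = Counter(sources)
    total = sum(counts.values())
    # Sources a per-IP rate limit would catch on its own.
    heavy = sorted(ip for ip, n in counts.items() if n > per_source_limit)
    # Load that still reaches the service once those sources are blocked.
    residual = total - sum(counts[ip] for ip in heavy)
    if total <= aggregate_limit:
        verdict = "normal"
    elif residual <= aggregate_limit:
        verdict = "few-source flood"    # per-IP blocking restores service
    else:
        verdict = "distributed flood"   # no small set of IPs explains the load
    return {"total": total, "sources": len(counts), "blocked": heavy,
            "residual": residual, "verdict": verdict}


def build_window(prefix, n_sources, requests_each):
    """Construct sample traffic: n_sources addresses, each sending requests_each."""
    return [f"{prefix}.{i}" for i in range(1, n_sources + 1)
            for _ in range(requests_each)]


# Constructed sample windows using documentation address ranges (RFC 5737).
WINDOWS = {
    "baseline": build_window("192.0.2", 50, 10),
    "five fast servers": build_window("198.51.100", 5, 400),
    "hundred slow zombies": build_window("203.0.113", 100, 30),
}

if __name__ == "__main__":
    for name, window in WINDOWS.items():
        r = classify_window(window)
        print(f"{name:22} total={r['total']:5} sources={r['sources']:3} "
              f"blocked={len(r['blocked'])} residual={r['residual']:5} "
              f"-> {r['verdict']}")
```

In the third window every source stays under the per-source limit, so nothing is blocked and the whole load still reaches the service; spotting it takes the aggregate volume and the count of distinct sources rather than any single address.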


In the recent case of 24-year-old Kevin Poe (Connecticut), the target he chose was the band KISS. He chose them because Gene Simmons had spoken out against online piracy and encouraged other bands to take action against people illegally downloading their music.
Anyway, Kevin (of Anonymous) was caught because he did not completely conceal his tracks during his 5-day attack.

Even after using the most sophisticated and current efforts to hide his identity, he was still caught. The FBI was still able to weed through all the other IPs and arrive at his own. It's long and tedious work, and it takes the best forensics technology, but it is always possible.



Sources: Information Week - Anonymous Hacker Busted for DDoS Attack

Microsoft TechNet - DDoS Attacks
