The Nine-Day Cyber Attack That Broke the Internet
It's been awhile since most of us complained about spam choking our inboxes. Like Gangnam Style and designer cupcakes, spam is played out.
But the recent cyber attack on Spamhaus, a European anti-spam organization, returned spam to the tip of the tongue. Mostly,because it caused trouble for a lot of innocent bystanders, and it has those of us on cyber security's front lines toting up the lessons.
Indeed, the culprits weren't spam messages themselves. They were shadowy operators out to keep the Internet portals open for spam, but this time their tactics caused worrisome collateral damage.
(Read More: Anti-Spam Fight Jams Up The Internet Worldwide)
Interestingly, there was nothing new about the approach. This was a distributed denial of service attack, or DDoS: historically a crude, artless way to bring down a target online. The perpetrator simply harnesses botnets to flood a target network with requests for information. Target servers are paralyzed by fake queries, while legit users can't fight their way through.
It was simple and effective back in the DDoS heyday. But, like spam, DDoS attacks have declined in recent years—mostly because CIO's have learned how to quickly re-route infected traffic and keep their networks humming. In a war of dollars, the good guys simply out spent the bad guys and its nearly game over.
But this attack had significant impact. So what's new and different about the Spamhaus case?
First: The scope, duration, and sophistication of the assault. If typical DDoS assaults are one-off military clashes, this was Patton's Third Army storming Europe. When the perps failed to blow up CloudFlare, a company Spamhaus had in place to deflect such attacks, they switched gears and launched intermittent strikes against Internet exchanges from London to Hong Kong. The result was a good deal of traffic-slowing,especially in London—and the aggressive action continued, on and off, for nine days.
Second: There's the identified source of the attack. It didn't originate with the usual geographic suspects in Eastern Europe or Asia. The villain is said to be a Dutch concern, Cyberbunker, with a reported business vendetta against Spamhaus.
If so, it's an unprecedented escalation of a commercial cyber conflict, spreading to cause costly trouble for countless uninvolved organizations. It was the cyber equivalent of a reckless firefight in Grand Central Station at rush hour. You don't have to be involved to get hurt.
Nobody knows if this signals the start of a trend—whether we should be bracing for a new wave of smartly crafted DDoS assaults. That's the really ominous aspect of the Spamhaus affair.
This ought to make uptime-conscious companies assess their Internet carriers with fresh eyes. There are lessons everywhere:
- It's not just sheer uptime that's important, but their capacity to deflect persistent, long-lasting DDoS assaults. When a target associated with a particular ill-prepared data center finds itself in the crosshairs, all traffic in and out of that data center is slowed, even though most of it is innocent.
- How tuned in is a carrier to deflecting so-called "multi-vector" attacks— which come in via web browsers, applications, and tablets or smartphones as well as email? It's a truism by now that hardware and application diversity give attackers innumerable potential toeholds, and they need only succeed once to cause harm. But responding to so complex a threat separates the varsity players from the third-string.
- Defensive deflection is only part of the prescription. Is a carrier scanning the horizon preemptively – identifying threats (DDoS and other kinds), sequestering them, and protecting customers before trouble actually erupts? Because attacks of one type or another are being formulated and fired off 24/7, 24/7 outbound monitoring is essential.
There's a reverberating debate, the morning after, about how big Spamhaus really was and how many victims were actually hurt. But that's almost irrelevant. The real issue: a bigger, better-designed distributed denial of service attack is a plausible scenario. The spectacle of two commercial concerns slugging it out this way in cyberspace, bloodying fresh victims around the globe with every punch thrown, should capture everyone's attention and galvanize protective action.
Pat Calhoun is a digital security expert and Silicon Valley veteran who is responsible for the strategic direction of McAfee's network security business unit. He can be followed on twitter at @calhoun_pat.