by the numbers
Cyber sewer
Our internet tubes are dripping with raw sewage.
A recent study from Arbor Networks' ATLAS portal, which examines traffic flows from 68 internet service providers (ISPs), estimated that up to 3% of internet traffic is clogged up by malicious distributed denial of service (DDoS) attacks, with peaks of up to 5%. In addition, of the 1.5% of internet traffic that is e-mail, around 66% is junk mail, or spam.
While most spam e-mail is trying to sell a product or service -- often of dubious legality or authenticity -- a DDoS attack is an attempt to flood a target's network with requests, thereby blocking legitimate traffic. It is like 5,000 nuisance callers dialling a helpline all at once. It means that up to one-twentieth of all traffic is meaningless, malicious information designed to overwhelm a victim's servers and make them unable to do their regular job. There have been various victims of the attacks:
- Russian nationalists last year allegedly targeted Estonia's information infrastructure.
- A group of hackers known as Anonymous recently forced the Church of Scientology website to go offline.
- DDoS attacks recently made UK consumer affairs website moneysavingexpert.com go down for several days.
- DDoS attacks have been used to demand protection money from online businesses, particularly gambling sites, though there are signs that this is a less common practice than it once was.
The phenomenon has spawned a cottage industry of companies that fight their effects.
Invisible culprits
DDoS attacks are particularly difficult to combat because they are frequently orchestrated through a botnet. This is a network of 'zombie' computers, controlled through malicious code, which attackers can capture in various ways, such as inserting code into e-mail attachments and software, or exploiting security vulnerabilities in the code that runs particular websites. Some 25% of internet-connected computers may form part of some kind of botnet, without the owner's knowledge or permission.
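A flood like the one described above (many requests arriving at once, blocking legitimate traffic) and the botnet point that the sources are spread across many hosts can both be seen in a simple detector run over log lines. The following is an added example, not code from Arbor Networks or the article; it assumes a simplified access-log format and uses constructed sample lines with documentation-range addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

EPOCH = datetime(1970, 1, 1)
# Assumed simplified access-log format: <ip> [<dd/Mon/yyyy:HH:MM:SS>] "<request>"
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "([^"]*)"')

def build_sample_log(zombies, per_zombie):
    """Construct sample lines: two legitimate clients sending one request per
    second for ten seconds, plus `zombies` hypothetical bot hosts that each
    send `per_zombie` requests inside second 5 (documentation-range addresses)."""
    lines = []
    for sec in range(10):
        for ip in ("198.51.100.5", "198.51.100.9"):
            lines.append(f'{ip} [10/Apr/2008:12:00:{sec:02d}] "GET /help"')
    for z in range(zombies):
        lines += [f'203.0.113.{z + 1} [10/Apr/2008:12:00:05] "GET /"'] * per_zombie
    return lines

def parse_line(line):
    """Return (ip, timestamp, request), or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, request = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S"), request

def detect_flood(lines, window_s=1, per_source_limit=10, total_limit=100):
    """Count requests per source in fixed windows of window_s seconds.
    Returns (noisy_sources, surges): sources exceeding per_source_limit in any
    window, and (window_start, total) pairs exceeding total_limit. A botnet can
    keep every host under the per-source limit, so the aggregate check is what
    catches a distributed flood."""
    per_window = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # tolerate malformed lines instead of aborting
        ip, ts, _ = parsed
        bucket = int((ts - EPOCH).total_seconds()) // window_s
        per_window[bucket][ip] += 1
    noisy, surges = set(), []
    for bucket, counts in sorted(per_window.items()):
        total = sum(counts.values())
        if total > total_limit:
            surges.append((bucket * window_s, total))
        noisy.update(ip for ip, n in counts.items() if n > per_source_limit)
    return noisy, surges
```

With 50 bot hosts sending 20 requests each, every bot trips the per-source limit; with the same hosts sending 3 each, none does, yet the window total still exceeds the aggregate limit, which is why per-source blocking alone does not stop a distributed attack.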
Bot-spots
As botnets have a geographically distributed structure, they are extremely difficult to detect. It is also inherently ambiguous who has jurisdiction to combat and prevent DDoS attacks, particularly if the internet is regarded as a large global 'good' to which it is difficult to assign ownership.
The table below shows the top ten sources of attack activity, by country. "The top ten is fairly stable, it's a function of IP space and hosts as well as basic problems," Arbor Networks senior security engineer Jose Nazario tells The World Next Week.
Top Threat Sources, Past Month

| Rank | Country | Attacks per subnet (past month) | Botnets hosted (past day) | DoS events detected (past day) | Phishing sites hosted (past week) | Scanners per subnet (past month) |
|---|---|---|---|---|---|---|
| 1 | China | 16176 | 26 | 699 | 3541 | 30854085 |
| 2 | United States | 2436 | 302 | 4944 | 13876 | 8533458 |
| 3 | Belgium | 90 | 4 | 0 | 1 | 5891945 |
| 4 | Poland | 262 | 6 | 53 | 1128 | 1830332 |
| 5 | Germany | 369 | 59 | 1412 | 2008 | 1475363 |
| 6 | South Africa | 29 | 2 | 0 | 0 | 1628641 |
| 7 | Great Britain | 179 | 18 | 7225 | 0 | 790893 |
| 8 | South Korea | 234 | 39 | 2604 | 69 | 946530 |
| 9 | India | 812 | 5 | 72 | 2442 | 1100578 |
| 10 | France | 217 | 16 | 227 | 0 | 1090456 |
The recent NATO summit began to debate guidelines for coordinating national moves to guard against cyber-attacks. However, international organisations such as NATO face the challenge of co-ordinating member states' actions while respecting national sovereignty and autonomy. Moreover, it is far from clear which international organisation could and should take responsibility for spearheading the fight against cyber-attacks. For example, while there is some overlap between NATO and EU constituencies, this is not comprehensive, and the two organisations have significantly different mandates.
'Walled gardens'
While initiatives to combat DDoS will become increasingly sophisticated, and will be effective at addressing current threats, hackers will also become more sophisticated in circumventing these. This could ultimately threaten the open nature of the internet, building pressure for sealed 'information appliances' and secure 'walled gardens', which would use filters and encryption to verify the identity of all network traffic. However, even this would be unlikely to contain what may ultimately be the largest cyber threat, namely a particularly large-scale DDoS attack, launched by -- for example -- the Chinese military.