HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Dutch Man Held in Huge DDoS Attack
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Dutch Man Held in Huge DDoS Attack that Slowed Internet
Dutch Man Held in Huge DDoS Attack that Slowed Internet
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
29
2013



Police in Barcelona, Spain, arrested a Dutch man on Friday at the request of Netherlands police, who say he launched "unprecedented heavy attacks on the non-profit organization Spamhaus," which tracks the Internet's worst spammers.

Dutch prosecutors identified the suspect as S.K., and some news outlets reported his name as Sven Olaf Kamphuis, 35. He is expected to be sent to the Netherlands.

Kamphuis had previously been identified as a spokesman for CyberBunker, which is accused of a massive distributed denial of service attack against Spamhaus in late March. CyberBunker was on the Spamhaus list of notorious spammers and supposedly launched the DDoS attacks in retaliation.

The attacks, which made use of legitimate Internet DNS servers to flood systems with spurious traffic, slowed large portions of the Internet, and at the time was called the biggest cyberattack in history.

Some security researchers later questioned whether CyberBunker's move was just a public-relations stunt. Others say this signals the beginning of a new wave of such attacks.

Good News, Bad News

David Britton, vice president of Industry Solutions at 41st Parameter, said there is good news and bad news with the arrest. The good news is that the authorities may have removed one perpetrator from the mix. The bad news is that there are many more out there who are acting with impunity.

"I believe that we may have been lucky in this case, but we cannot rely on reactive measures to stop these attacks," Britton said. "We must be putting layers in place to prevent them from disrupting business on the front end."

Britton also pointed to DDoS attacks being used to create a diversion within the financial services industry. He offers an example: While the sites are down, fraudsters will submit a large number of wire transfers so when the site is back up the system is overloaded with pending transactions, and they are forced to process them without running the proper fraud screening.

"With the increased volume of these types of sophisticated attacks, and the sheer size of the attacks, it is clear that organizations must use all tools at their disposal to fend off attackers," Britton told us. "This includes not just the traditional firewall systems that must be in place, but leveraging tools that can also deflect the traffic that is being routed at the application layer, designed to simulate legitimate application traffic."

ISP Involvement Needed

Alex Horan, a senior product manager at Core Security, said the levels of data sent in this DDoS attack were some of the highest ever seen. And, he added, if that is a sign of the levels that are possible in the future, organizations need to revisit how they expected to handle a DDoS attack against their servers.

"The fact is they cannot be expected to handle it alone. The key is to move attack detection and defense as close to the attacking machines as possible," Horan told us. "Ideally, the ISPs of the attacking parties, most of whom probably don't even know their compromised machines are participating in the attack, would drop the traffic before it even gets out onto the Internet proper. The further onto the Internet this traffic gets, the greater an effect it has."

As Horan sees it, ISPs should do this -- and potentially the legislative bodies of the countries they reside on, to take proactive action. They must analyze and filter this traffic in response to requests by the ISPs hosting the servers being attacked. Until there is this coordinated response, he said, DDoS attacks will keep being a threat to legitimate servers on the Internet.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Sony is no stranger to breaches. Sony’s PlayStation Network was hacked in 2011 and attackers obtained 77 million user accounts. The latest attack comes against Sony Pictures Entertainment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.