We've read a lot this week about the distributed denial of service (DDoS) attacks against Spamhaus. Now, we learn that three scuba divers have been arrested in the Mediterranean for trying to cut a submarine data cable that Telecom Egypt owns. A spokesperson for the military revealed the news.
On his official Facebook page, Col. Ahmed Mohammed Ali said the divers were caught while "cutting the undersea cable." His statement also indicated the culprits were caught on a fishing boat as it raced off the Alexandria city port.
Ali's statement included a photo of the three suspects, who appeared to be Egyptians, according to the Associated Press. The men were looking up at the camera from what looks like an inflatable launch.
Since March 22, Egypt has reported disrupted Internet services. The AP reports that Telecom Egypt executive manager Mohammed el-Nawawi told the private TV network CBC that the damage was caused by a ship, and there would be a full recovery on Thursday.
DDoS Attacks Getting Bigger
As for the DDoS attack that Cyberbunker launched against Spamhaus, a company that tracks the Internet's worst spammers, security analysts are still talking about its implications.
At first, it was called the largest cyberattack in history. Now that some time has passed, some are questioning whether it was just a PR stunt. Still others see this as the beginning of a new wave of attacks.
We caught up with Tom Cross, research director at Lancope, to get his thoughts on the situation, now that the dust has settled. He told us these attacks are just the latest development in an ongoing trend -- DDoS attacks on the Internet are becoming larger and more frequent.
Preparing for the Worst
"In this case the attackers were able to create such a massive flood of traffic by bouncing their attack off of DNS servers, which can multiply the size of the attack by many times over," Cross said. "There are millions of DNS servers out there on the Internet that can be abused in this fashion, and several emerging technologies such as Secure DNS, Voice over IP, and Video on Demand may make this problem worse in the future."
As Cross sees it, every organization with an Internet presence should have a plan in place for responding to DDoS attacks. The time to develop a plan for reacting to these attacks is not the day that your organization is targeted.
"You need to be prepared well in advance. There are several different kinds of DDoS attacks that networks can experience, including massive floods of traffic of the sort seen here, as well as more precise attacks that target specific application weaknesses," Cross said. "Different mitigation techniques are required for these different attack classes."
Cross also said it's important that organizations have assessed how their infrastructure could be impacted by different kinds of DDoS attacks, and developed detection and response strategies for each class of attack.
He concluded: "IT leadership should be asking questions, such as who in the organization is responsible for monitoring the network to detect an attack? How do they detect it? Who do they contact in the event that an attack occurs? How do they respond? Has this response plan been tested?"
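As an added illustration of the "How do they detect it?" question for the DNS-reflection flood described above (this example is not part of the original article or of Cross's remarks), the sketch below flags internal hosts that receive large volumes of DNS responses they never requested. The flow-record layout, the thresholds and the documentation-range IP addresses are assumptions constructed for the example, and records are assumed to be in time order.

```python
from collections import defaultdict

# Constructed flow records seen at the network edge (not real traffic):
# (direction, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # A normal lookup: internal client asks a resolver and gets an answer.
    ("out", "198.51.100.10", 40001, "192.0.2.53", 53, "udp", 70),
    ("in", "192.0.2.53", 53, "198.51.100.10", 40001, "udp", 180),
] + [
    # Reflected flood: 40 resolvers send large answers nobody asked for.
    ("in", f"203.0.113.{i}", 53, "198.51.100.20", 33000 + i, "udp", 3000)
    for i in range(1, 41)
]


def find_reflection_targets(flows, min_bytes=50_000, min_resolvers=20):
    """Return {victim_ip: (unsolicited_bytes, resolver_count)} for internal
    hosts receiving DNS responses that match no outbound query.
    Thresholds are illustrative assumptions, not recommended values."""
    asked = set()  # (client_ip, client_port, resolver_ip) of real queries
    unsolicited = defaultdict(int)
    resolvers = defaultdict(set)
    for direction, src, sport, dst, dport, proto, size in flows:
        if proto != "udp":
            continue
        if direction == "out" and dport == 53:
            asked.add((src, sport, dst))
        elif direction == "in" and sport == 53:
            if (dst, dport, src) in asked:
                continue  # legitimate answer to a query we sent
            unsolicited[dst] += size
            resolvers[dst].add(src)
    return {
        ip: (total, len(resolvers[ip]))
        for ip, total in unsolicited.items()
        if total >= min_bytes and len(resolvers[ip]) >= min_resolvers
    }


if __name__ == "__main__":
    for ip, (total, count) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"ALERT {ip}: {total} unsolicited DNS bytes from {count} resolvers")
```

In practice the same logic would run over a sliding time window of NetFlow or firewall records, with thresholds tuned to the site's normal DNS volume.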