Distributed denial-of-service (DDoS) attacks continue to flourish and they may become much easier for attackers as tools and services continue to hit the market.
In addition, when it comes to wireless network operators, security capabilities appear to lag their wired counterparts by about 10 years, principally in terms of the visibility they do or don’t have into what’s happening on their TCP/IP networks, which now serve an enormous number of smartphone users and their growing data consumption requirements, according to a research study by the security firm Arbor Networks.
“Wireless operators around the world had become what I like to call ‘accidental ISPs’ over the last four years, since the introduction of the iPhone,” said Roland Dobbins, Asia-Pacific solutions architect for Arbor Networks.
“Some of the larger providers have really done a tremendous job of making a transition, understanding that TCP/IP is really the future,” he said. “But there are a number of wireless providers around the world at which the senior management doesn’t agree with the proposition that their primary business is now Internet access, and that voice … will become [only] packetized TCP/IP.”
At those organizations, knowledge of TCP/IP security can lag, which leaves the telecommunications carriers at greater risk of not being able to cope with DDoS attacks launched at their wireless networks. “There’s still this focus on minutes versus packets. It’s going to take a lot of time for the industry to make that conceptual shift,” said Dobbins.
Meanwhile, the hacking group Anonymous created its Low Orbit Ion Cannon (LOIC) DDoS attack tool, which worked very well for them, but which also gave defenders a chance to study it and add it to their threat intelligence.
LOIC is just one of many DDoS tools now available for online use, downloading, or renting. There’s now a thriving DDoS tool and botnet ecosystem that includes “single user flooding tools, small host booters, shell booters, remote access Trojans (RATs) with flooding capabilities, simple DDoS bots, complex DDoS bots, and some commercial DDoS services,” said Curt Wilson, a research analyst at Arbor Networks. “Many types of threats can be blended into any given tool in order to make the tool more attractive and financially lucrative”–as in, profitable for whoever’s renting out the DDoS capabilities.
Wilson counted 55 different DDoS tools, which are still just a fraction of what’s publicly and commercially available. Of course, some of these tools are more dangerous than others.
There are complex DDoS toolkits and related bots, and typically also Web-based command-and-control interfaces. These toolkits sport names such as Darkness/Optima, DeDal, Dirt Jumper, G-Bot, and Russian Armageddon. Services such as Death DDoS Service and Totoro offer commercial DDoS options, meaning that rather than running the tools themselves, attackers can just outsource the job.
Why launch a DDoS attack? Many times, as with botnets, the goal is to steal information, such as financial details or passwords. But such attacks are also used for business purposes. “While there are numerous motives for DDoS, such as revenge, extortion, competitive advantage, and protest, many of the commercial DDoS services emphasize competitive advantage with wording devoted to taking down a competitor,” said Wilson. “More troubling is the recently reported distracting use of DDoS to flood networks after financial theft has been performed via a banking Trojan in order to allow the thieves extended access to the loot.”
Half of DDoS attacks now focus on ideology, according to the Arbor Networks 2011 attacks study. “Ideologically and politically motivated DDoS attacks have dramatically risen as the perceived root cause of large-scale DDoS attacks on the Internet,” Dobbins said.
Previously, he said, service providers and network operators saw the leading causes of DDoS attacks as “nihilism, vandalism, criminal activity, and gaming activity — people unhappy with their gaming comrades, who DDoS them.” He added: “Then there’s criminal extortion, where people will demand ‘protection money’ to allow a DDoS’d site to come back up.”