Powerful, targeted Internet attacks on rise

Published 16 March 2006

Security experts warn that a new variety of unusually powerful Internet attacks may well overwhelm popular Web sites and disrupt e-mails by exploiting the computers which help manage global Internet traffic. First detected late last year, the new attacks, belonging in a category of attacks typically called “distributed reflector denial of service,” direct such massive amounts of spurious data against victim computers that even leading technology companies could not cope. In one of the early cases examined, the unknown assailant apparently seized control of an Internet name server in South Africa and deliberately corrupted its contents.

Experts traced at least 1,500 attacks that briefly shut down commercial Web sites, large Internet providers, and leading Internet infrastructure companies during a period of weeks. The attacks were so targeted that most Internet users did not notice widespread effects.

Ken Silva, the chief security officer for VeriSign, compared the scale of attacks to the damage caused in October 2002 when nine of the thirteen computer root servers that manage global Internet traffic were crippled by a powerful electronic attack. VeriSign operates two of the thirteen root server computers, but its machines were unaffected. “This is significantly larger than what we saw in 2002, by an order of magnitude,” Silva said.

Silva said the attacks earlier this year used only about 6 percent of the more than 1 million name servers across the Internet to flood victim networks. Still, the attacks in some cases exceeded eight gigabits per second, indicating a remarkably powerful electronic assault. “This would be the Katrina of Internet storms,” Silva said.

The U.S. Computer Emergency Readiness Team (U.S.-CERT), a partnership with DHS, warned network engineers in December of such attack.

- read more in this AP report; see U.S.-CERT Web site