We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,678 News Articles

Denial-of-service attack threats still loom

Worms and zombies could make future attacks more devastating

The types of massive distributed denial-of-service (DDOS) attacks that knocked several big e-commerce Web sites out of action earlier this year remain a viable threat that could grow even more sophisticated, according to experts at last week's US government-sponsored National Information Systems Security Conference in Baltimore, Maryland.

DDOS attacks entered the public consciousness last February, when commercial sites belonging to EBay, Buy.com, and other companies were attacked with an overwhelming flood of network traffic.

Speaking at the conference, Tom Longstaff, manager of research and development at Carnegie Mellon University's security advisory service, said such attacks haven't disappeared, and he warned that their severity could increase.

In a DDOS attack, an intruder breaks into a system and turns it into a "zombie," then uses that machine to target Web servers run by other companies.

There are now indications that worm programs are being used to automatically propagate large numbers of zombies, Longstaff warned.

A DDOS attack utilising a worm will spread "much more quickly, and it is much more difficult to trace back to the intruder," he said.

But the major concern among some attendees of the annual event was not the criminal hacker from outside a company or government agency, but the "insider" threat from disgruntled employees.

All the attention being given to external threats may be affecting the ability of some agencies to respond to ones from insiders, according to Lee Brandt, a network security officer at the Washington-based Federal Railroad Administration.

The biggest threats to business networks are from other countries, competitors, or insiders, according to Jeff Moss, a security consultant and the founder and organiser of Def Con, the annual underground convention attended by hackers, security experts and law enforcement officials.

"You can't be a lone computer hacker and try to fence stolen information," Moss said. "Hackers are great at technology; they're not great at being criminals."


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...