Point: Occupy DDoS


There’s something almost (and I stress almost) noble about ‘hacktivism’. It marries two defining characteristics of the current generation – programming and protest – while also carrying the whiff of fun and danger. It’s non-profit and non-threatening, yet promotes a particular ideology, business ethics, even human rights. It’s carried out in the belief that it’s all for a good cause. In sum, it’s a perfect reflection of the zeitgeist.

Now, try telling that to information security professionals. For them, the painful reality is that techno-anarchy has the same effect on networks as any other kind of attack. They don’t see the difference between this and other assaults – and they’re right. Allow me to explain why.

First, let’s be clear that most distributed denial-of-service (DDoS) or hacking attacks are categorically not noble. They’re typically carried out by hardened criminal networks, and the goal is definitely to make a profit, specifically huge financial gains. Nevertheless, attacks launched by underground hacker collectives draw the most coverage, because of their targets and the way the attacks are designed to draw media attention. As such, they bring negative publicity to a company, and are given more consideration than is prudent.

Because of this, in the course of dealing with these hacktivists, networks are left vulnerable. Even in a best-case scenario, the network is taken down for a period of time, and the brand takes a hit. That’s bad enough, but in a worst-case scenario, these protestors are actually exposing the entire network to profit-minded attacks. The hacktivist causes mayhem to publicly embarrass a particular entity and draw attention to a cause. The criminals then swoop in to steal information and rack up profits.


Although there are many forms of hacktivist attacks – from site defacements to virtual sit-ins and typosquatting – one of the most popular (and lethal) seems to be the DDoS attack. In the most common incarnation of this method, the target network is saturated with external communication requests; so many requests that it can’t respond to legitimate traffic, or does so only so slowly that it’s useless. In layman’s terms, a DDoS attack crashes the server. More ominously, while the DDoS attack is sending multiple packets of information to a single target, every other network device in the chain is experiencing the effects. The virtually endless hours of downtime and the very real and persistent presence of attack traffic make for a huge distraction. It’s devastating for the entire organization.

Unfortunately, most entities – whether they’re government agencies or large corporations – are ill-equipped to handle such threats. There’s a lack of purpose-built technology for dealing with these problems, and most service-level agreements (SLAs) don’t include a 24/7 commitment to detect and mitigate DDoS attacks. There’s no panacea on the horizon, no silver bullet that deflects such attacks. Yet, the right combination of defenses can minimize or even eliminate the damage. In the event of a DDoS attack, every minute counts. To ward off the potential for brand damage or a data breach, the response must be immediate, surgical and comprehensive. This is only possible with a global network that has the bandwidth needed to scrub bad traffic, and an effective mix of best-of-breed mitigation technologies.
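The saturation described above shows up in the simplest telemetry a defender has: the per-second request rate against what the service can actually absorb. The following is an added illustration, not code from the column or from Neustar, of that detection step over constructed access-log lines; the log format, the capacity figure and the addresses (all from documentation ranges) are assumptions made for the example. It also separates a distributed flood from a single noisy client, since blocking the top talker helps in one case and not the other.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Hypothetical log format assumed for this example: "<ISO timestamp> <source IP> <status>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3})$")

def parse_line(line):
    """Return (timestamp, source, status) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def requests_per_second(lines):
    """Bucket requests by whole second: {second: Counter(source -> request count)}."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            buckets[parsed[0].replace(microsecond=0)][parsed[1]] += 1
    return buckets

def detect_floods(lines, capacity_rps, spread_threshold=10):
    """One alert per second whose aggregate rate exceeds what the service can absorb.
    The alert records whether the load is spread over many sources (a distributed
    flood, where blocking the top talker would not help) or concentrated in one."""
    alerts = []
    for second, per_src in sorted(requests_per_second(lines).items()):
        total = sum(per_src.values())
        if total <= capacity_rps:
            continue
        top_src, top_n = per_src.most_common(1)[0]
        alerts.append({"second": second.isoformat(), "total": total,
                       "sources": len(per_src),
                       "distributed": len(per_src) >= spread_threshold,
                       "top_source": top_src, "top_share": round(top_n / total, 2)})
    return alerts

def build_sample_log():
    """Constructed traffic: 10 s of light baseline from two clients, then a
    one-second burst from 40 distinct (documentation-range) addresses."""
    base = datetime(2012, 5, 1, 10, 0, 0)
    lines = [f"{base.replace(second=s).isoformat()} {src} 200"
             for s in range(10) for src in ("198.51.100.7", "203.0.113.9")]
    burst = base.replace(second=5).isoformat()
    lines += [f"{burst} 192.0.2.{i + 1} 503" for i in range(40) for _ in range(3)]
    return lines
```

Running `detect_floods(build_sample_log(), capacity_rps=50)` flags only the burst second, with 122 requests from 42 sources and no single source above a few percent of the load, which is exactly the profile a per-source block list cannot fix and upstream scrubbing capacity can.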


Surprisingly, some organizations still believe that their SLAs with managed service providers or upstream carriers give them the resources and skills to put up a defense. In reality, most don’t. Only a service specifically dedicated to the task can do the necessary scrubbing while keeping the trains running on time.


So the next time you read about a hacktivist attack on a government agency or a large corporation, look past the perceived coolness and spare a thought for the infosecurity people dealing with the problem. While hacktivists are romanticized as being the biggest security threat around today, information security professionals need to watch for the criminals who might be right behind them.


AUTHOR PROFILE


Ted Swearingen is Neustar’s director of information security operations and currently manages the company’s Security Operations Center (SOC). He is also responsible for project consolidation between the network and security teams, along with oversight of security responsibilities for both.


May/June 2012

