
Wednesday, February 07, 2007

DDoS Attacks Reported on DNS Servers Overnight

Hackers attack key Net traffic computers

Posted 2/7/2007 7:41 AM ET
By Ted Bridis, The Associated Press

WASHINGTON, DC; USAToday/The Associated Press are reporting that hackers briefly overwhelmed at least three of the 13 computers that help manage global computer traffic Tuesday in one of the most significant attacks against the Internet since 2002.

Experts said the unusually powerful attacks lasted as long as 12 hours but passed largely unnoticed by most computer users, a testament to the resiliency of the Internet. Behind the scenes, computer scientists worldwide raced to cope with enormous volumes of data that threatened to saturate some of the Internet's most vital pipelines.

The Homeland Security Department confirmed it was monitoring what it called "anomalous" Internet traffic.

"There is no credible intelligence to suggest an imminent threat to the homeland or our computing systems at this time," the department said in a statement.

The motive for the attacks was unclear, said Duane Wessels, a researcher at the Cooperative Association for Internet Data Analysis at the San Diego Supercomputing Center. "Maybe to show off or just be disruptive; it doesn't seem to be extortion or anything like that," Wessels said.

Other experts said the hackers appeared to disguise their origin, but vast amounts of rogue data in the attacks were traced to South Korea.

The attacks appeared to target UltraDNS, the company that operates servers managing traffic for websites ending in "org" and some other suffixes, experts said. Officials with NeuStar, which owns UltraDNS, confirmed only that it had observed an unusual increase in traffic.

Among the targeted "root" servers that manage global Internet traffic were ones operated by the Defense Department and the Internet's primary oversight body.

"There was what appears to be some form of attack during the night hours here in California and into the morning," said John Crain, chief technical officer for the Internet Corporation for Assigned Names and Numbers. He said the attack was continuing and so was the hunt for its origin.

Article continues at: http://www.usatoday.com/tech/news/computersecurity/2007-02-07-hacker-attack_x.htm?csp=34


ERRI References:

"Series of "Real-time" EmergencyNet News Reports Concerning Denial of Service Attacks on Leading Web Sites on the Internet - 08 Feb 2000 to 16 Feb 2000," (includes diagram of "controller and zombie" computers), can be found at: http://www.emergency.com/2000/dos2000.htm


22 Oct 2002 -- Warnings and Indications: Attack Reported on Root DNS System of Internet

By C. L. Staten, Senior National Security Analyst, Emergency Response & Research Institute (ERRI)

CHICAGO, IL (EmergencyNet News) -- According to various reports from reputable sources, the internet suffered one of its most extensive attacks on the servers that route traffic through the rest of the network at about 17:00 EDT on Monday. The incident reportedly affected as many as 7 of the 13 world-wide DNS servers. According to federal officials, the National Infrastructure Protection Center (NIPC) is conducting an inquiry into the incident, which lasted about one hour.

The method of attack is called a "distributed denial of service" or "DDOS." It is carried out by commanding multiple computers that have been previously compromised via a "trojan" or "worm," or other virus, and using them to attempt to overwhelm the target server. In the case on Monday, the attacker(s) attempted to compromise the main servers that translate names and numbers into usable references for all computers to locate resources on the internet.

In February 2000, CNN, Amazon.com, eBay, Yahoo, and a number of other commercial and news websites were severely disrupted for several hours due to DDOS attacks. To learn more about DDOS attacks, see the Series of "Real-time" EmergencyNet News Reports Concerning Denial of Service Attacks on Leading Web Sites on the Internet - 08 Feb 2000 to 16 Feb 2000.

ERRI computer analysts said that while Monday's attack was serious, what could be more ominous is the possibility that it may have only been a "probe" or "test of concept" in a larger plan that might occur in the future. The attacks could also have been carried out in an attempt to further undermine confidence in computer systems upon which the U.S. and her allies have grown dependent for their overall military and economic superiority. To achieve the greatest effect, the likelihood is that a more widespread attack, or one of longer duration, would be carried out on important infrastructure sites during some sort of other military, terrorist, or political crisis... in a concerted attempt to degrade communications, reduce interoperability, and lessen the cyberspace capabilities of the United States.

http://www.emergency.com/2000/compdefnse-implc.htm

http://www.emergency.com/techthrt.htm

http://www.emergency.com/2000/cybersec2000.htm


Posted by C. L. Staten at 13:57.08
Edited on: Wednesday, February 07, 2007 14:09.51
Categories: Cyberwar/Cybercrime, Homeland Security