Anonymous DDOS Attacks Explained by Expert

The Megaupload closure coincided with the start of what was later known as the largest distributed denial of service (DDOS) attack in history, with reports saying that there were around 5,000 individuals, both hackers and simple activists, sending large amounts of packets at sites they considered guilty for the file-sharing service’s termination.

Around 27,000 computers were used in Operation Megaupload to take down and keep down sites such as the ones belonging to the FBI, US Department of Justice, RIAA, MPAA, France’s anti-piracy outfit HADOPI, and many others.

Since they recently launched a report that detailed precisely these types of attacks, we’ve contacted Radware trying to find out the technical details that lie behind them.

Ron Meyran, the director of Security Products at Radware, was kind enough to provide some insight regarding the latest DDOS attacks launched by Anonymous hacktivists and their supporters.

Meyran believes that the types of organizations targeted by these attacks are simply not prepared to handle DDOS attacks. Considering the fact that they’re not necessarily online businesses, they never expected the attacks.

The expert also shared some insight regarding the famous Low Orbit Ion Cannon, or LOIC.

“One of the main attackers’ cyber weapon Low Orbit Ion Cannon (LOIC), a simple open-source application that requires very little technical know-how to use,” Meyran said.

“Once the application is downloaded — either voluntarily or via a malicious link — the LOIC recruits computers into a ‘botnet,’ or a network of computers that floods a designated Web site with traffic until it crashes.”

He states that the links posted on Twitter, the ones that linked users to a site on PasteHTML which stored the JavaScript code required to easily launch the attacks, were a great aid for Anonymous, mainly because some of the victims may have not known what they were actually part of.

“Many of the attacking users did not know they’re attacking. It’s very dynamic and the only way to stop the attack is to absorb it, or find its origin. But in this case anyone can become an attacker and unless you can find the user, you can’t stop the attack.”

As for the possibility of mitigating these attacks, even though they’re not technically sophisticated, they are almost impossible to stop because of the mix of attack vectors comprising network flood attacks, application flood attacks and directed DOS attacks.

“I believe that some of the sites under attack had DDoS protection measures from their service provider, or believed that their firewall could fend off DDoS attacks,” he added.

“They all found out that either the attacks overloaded their firewalls (which became the bottleneck) or that the service provider could stop the network flood attacks – but not the rest.”

Over the weekend, we will publish a complete interview with Radware’s Ron Meyran regarding the issue of the DDOS attacks launched by Anonymous and others. Stay tuned to find out more.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.