Hackers Attack Root Servers
TMCnet Contributing Editor
In what is being termed the worst hacker attack since the October 2002 distributed denial of service (DDOS) attack, hackers launched an unusually powerful attack that disrupted service on at least three of the 13 “root” servers used to direct traffic on the Internet. The attack began on Tuesday at about 5:30 a.m. Eastern Time and lasted as long as 12 hours.
Although the hackers tried to disguise their origin, vast amounts of rogue data in the attacks have been traced to South Korea. The attack appears to have been launched from a group of compromised PCs, known as a botnet.
Even though the attack lasted for more than 12 hours, average Internet users barely noticed any change. But the attack had an impact at a deeper level: leading Internet security experts battled online to protect some of the Internet’s most vital pipelines as the enormous volumes of data sent by the hackers threatened to saturate them. Two of the root servers suffered badly, although they did not crash completely. Some other servers also experienced heavy traffic. The two hardest-hit servers belong to the U.S. Department of Defense and ICANN. These servers were jammed with useless requests, causing them to hang occasionally. By 10:30 a.m. Eastern Time, Internet service providers had filtered out enough of the traffic from the infected machines that traffic was back to normal.
The attacks also targeted UltraDNS, the company that operates the servers that manage traffic for Web sites ending in “org” and some other suffixes. In general, DNS servers look up Internet domain names and translate them into Internet Protocol (IP) addresses.
Compared to the previous DDOS attacks, this attack wasn’t as serious. While the bandwidth of the previous attacks had to be measured in gigabytes, the bandwidth of this attack can be measured in megabytes, indicating that the volume of requests was not large. Also, technology innovations in recent years have made it possible to distribute excessive workloads from one server to other servers and so prevent crashes. It was a small attack, but it focused mainly on root servers.
The motive for the attack is not clear. In the past, servers have been ‘hijacked’ or attacked and demands have been made for money. Some hackers have attacked servers for political reasons. But this attack seems to have had no such purpose. Some experts feel that its purpose was simply to show off.
Recently, a study conducted by the University of Maryland’s A. James Clark School of Engineering revealed that, on average, every computer with an Internet connection is attacked every 39 seconds! Hackers use methods such as automated scripts and brute force to guess passwords. Once they gain access to a computer, they decide whether it can be useful to them or not. If the system is found useful, they download the software they need onto it and start using it for unlawful purposes, such as carrying out attacks like the one described in this article.
Experts suggest that, to prevent hackers from gaining access to your computers, you should use difficult passwords that cannot be cracked by brute force or guessed. Avoid obvious passwords, and do not use the username as the password.
Raju Shanbhag is a contributing editor for TMCnet.