Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Friday, August 7, 2009

Hacker attack takes down Twitter, Facebook, LiveJournal

The big news yesterday was an annoyance to many users of social networking. Twitter, Facebook and LiveJournal were overwhelmed Thursday morning by denial-of-service attacks, disrupting access for an estimated 306 million users of the popular social networks.

It's believed thousands of infected home and workplace PCs, called bots, were instructed to flood the websites with nuisance requests, thus cutting off access to anyone else.

From USA Today's report on the outage:
Security experts can't say if the attacks were related. Twitter's 35 million users around the globe could not Tweet at all for at least three hours.
...
Access was restored in much of the U.S. by 1 p.m. Eastern time, but Twitter could not be reached via iPhone or in Eastern Europe through much of the day, says Stephan Tanase, a senior analyst at Kaspersky Lab. "This was definitely a pretty heavy attack," says Tanase.

Facebook reported degraded service for some of its 250 million users, while LiveJournal says its 21 million users were cut off for an hour.
...
Roger Thompson, a senior researcher at antivirus company AV, says a vigilante may have been trying to "get the attention of the world on the botnet problem." Estimates vary, but some 40% of Internet-connected computers may be under the control of criminals who can easily use them for a variety of criminal pursuits.

By shutting down Twitter, the attacker may have been trying to show how powerful bot networks can be in the hands of criminals, says Thompson.

Another possible explanation: the denial of service attacks were meant to misdirect security teams. IBM recently helped a corporate client tighten security after a denial of service attack. Investigators learned that as the company scrambled to block the bot network bombarding it with nuisance requests, the attackers used a different botnet to steal data.

"It's like jingling your keys at a baby so they don't pay attention to what you're really doing," says Dan Holden, a manager at IBM's X-Force Research Lab.


Seeing how strong this botnet army has gotten is a good reminder to make sure none of the systems under your jurisdiction are part of it. Part of that protection is, of course, a good proxy architecture that protects your users from getting infected in the first place.
