MONTEVIDEO, Uruguay – After the Megaupload.com file-sharing website was closed last January on charges of copyright infringement, a group of hackers known as “Anonymous” launched cyber attacks that knocked offline government websites in several countries, including France, Poland and Brasília, Brazil, as well as some in the music industry.
This type of cyber attack, called Distributed Denial of Service (DDoS), seeks to take out a particular resource, generally a web server, by sending so many files that the overloaded machine crashes.
A DDoS attack is often carried out by numerous hackers who act simultaneously, said Carlos Martínez, a research and development engineer at the Latin America and Caribbean Internet Addresses Registry (LACNIC).
“The servers attacked are compromised when large networks are used to generate a great flow of information from several connection points that converge on one specific target, sending more traffic than the server can handle,” he said.
Attacks can be measured by duration and volume. The volume can be measured in two ways – in how many packets per second (pps) are transmitted or how many bytes per second (bps) are sent to the targeted server.
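The duration and volume measures described above, as an added example that is not part of the original article: it finds the attack interval in constructed per-second counters for one target and reports duration, peak pps and peak bps, showing that a flood of small packets can be very high in pps while staying under 1 Gbps. The function name, the threshold rule and all sample values are assumptions, and bps is computed here as bits per second.

```python
# Added example: measure a flood by duration and volume from per-second counters.
# SAMPLES is constructed data: (second, packets, bytes) seen toward one target.
SAMPLES = [
    (0, 20_000, 12_000_000),      # normal traffic, ~600-byte packets
    (1, 21_000, 12_600_000),
    (2, 1_200_000, 76_800_000),   # flood of 64-byte packets begins
    (3, 1_500_000, 96_000_000),
    (4, 1_500_000, 96_000_000),
    (5, 1_400_000, 89_600_000),
    (6, 22_000, 13_200_000),      # back to normal
]


def measure_attack(samples, baseline_pps, factor=10):
    """Return metrics for the longest contiguous run of seconds whose packet
    count exceeds factor * baseline_pps, or None if no second does.
    The threshold rule is an assumption of this example."""
    threshold = baseline_pps * factor
    best, run = [], []
    for sec, pkts, nbytes in sorted(samples):
        if pkts <= threshold:
            run = []                      # traffic back under the threshold
            continue
        if run and sec != run[-1][0] + 1:
            run = []                      # gap in the data: start a new run
        run.append((sec, pkts, nbytes))
        if len(run) > len(best):
            best = list(run)
    if not best:
        return None
    total_pkts = sum(p for _, p, _ in best)
    total_bytes = sum(b for _, _, b in best)
    return {
        "duration_s": len(best),
        "peak_pps": max(p for _, p, _ in best),
        "peak_bps": max(b for _, _, b in best) * 8,   # bytes -> bits
        "avg_packet_bytes": total_bytes / total_pkts,
    }


if __name__ == "__main__":
    m = measure_attack(SAMPLES, baseline_pps=20_000)
    print(f"duration: {m['duration_s']} s")
    print(f"peak: {m['peak_pps'] / 1e6:.2f} Mpps, {m['peak_bps'] / 1e9:.3f} Gbps")
    print(f"average packet size: {m['avg_packet_bytes']:.0f} bytes")
```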
Latin America registered an increase in the number of attacks under one gigabyte per second (Gbps), which in 2011 represented 96.16% of the total, a 1.47% increase from the attacks registered in 2010, according to the 2011 Infrastructure Security Report by Arbor Networks, a web security company.
Last year, 91% of the 114 Internet operators surveyed globally by Arbor Networks suffered at least one DDoS attack monthly, up from 76% in 2010. And 44% of them received 10 or more attacks monthly, up from 34% in 2010, according to Carlos Ayala, a security consultant for Arbor Networks.
The report indicates these attacks have become more common in the region, Martínez said.
“For [the region], those attacks under one Gbps involve a lot of traffic,” he added. “Given the state of infrastructure in Latin America, you don’t need an attack to be high on Gbps in order to cause large-scale damage.”
Brazil was the main target of large-scale attacks in 2011, both in Gigabytes per second (Gbps) and Million packets per second (Mpps). The biggest one it registered was 10.465 Gbps, while the largest one in the world was 60 Gbps, according to Arbor Networks.
In terms of Mpps, the largest attack Brazil suffered was 10.836 Mpps, while the biggest in the world was 35 Mpps, but the target wasn’t listed in the report.
Brazil likewise endured the longest-lasting attack, at 14 days, six hours and 29 minutes.
Argentina suffered the second-largest attack in the region (4.007 Gbps), which lasted two days, 25 minutes.
The average length of these attacks in Latin America was an hour and 45 minutes, according to Arbor Networks.
From protesting to extortion
The DDoS attacks are launched for several reasons, the most prominent being politically motivated – known as “hacktivism” – said José Luis López, executive director of the security software company ESET Uruguay.
But what began as a form of political protest is turning into a business and opening the door to cyber mafias, he added.
“The creation of botnets, which are computer networks whose security features have been disabled and are used by third parties to carry out attacks, became a way to make money, with developers making hundreds of thousands of dollars on sales,” López said.
Botnets are remotely controlled networks of robot programs that can be commanded by one computer.
The cost of renting botnets to launch DDoS attacks ranges from under US$100 to US$1,000 or more, depending on the size of the botnet and features offered, López said.
It’s also not hard to acquire a botnet.
“All you need is to visit certain blogs and social networks to get instructions on where to gain access to these botnets,” he added.
DDoS attacks are on the rise because technological evolution has made them more sophisticated and inexpensive to carry out, López said.
“[The attacks] are more selective, which increases the possibilities and capacity for action,” he added.
A successful attack can cost a medium-size company about US$150,000 and clients, according to a 2011 report by Neustar, a cybersecurity company.
For this reason, some companies prefer not to reveal their identity, opting instead to pay extortionists who threaten to launch cyber attacks, Martínez said.
“The victims are driven to pay a determined sum of money so their servers won’t be attacked,” he said. “The main targets are online banks and web gaming sites for poker or betting, for which being offline means taking big financial losses.”
López said the most noteworthy effect of an attack is its potential impact on the image of a company or group.
“Sites that conduct electronic sales can end up losing several million dollars when their services are interrupted,” he added. “However, the cost that is hardest to estimate is the loss of prestige and reputation endured by the company or its webmaster.”
Another difficulty with DDoS attacks is identifying the perpetrators, mainly because of the “distributed” nature of the onslaught, Martínez said.
“There appear to be thousands – sometimes hundreds of thousands – of different IP addresses. There’s always some ‘central intelligence’ behind them, but it’s hard to uncover,” he said.
Martínez said the way to prevent DDoS attacks is through mechanisms such as “cleaning centers,” which make the “dirty” traffic go through equipment that “cleans” it, but the device can be very expensive. He said it is important for every computer in a company’s network to have a firewall or software that prevents cyber attacks.
“When it comes to countering a DDoS attack, it’s necessary to make a coordinated effort among the Internet service providers and their traffic providers,” he added. “You need to establish some filters that allow you to slow down the flow of packages while you help the victim try to stop the attack.”