Terror Bites

We have seen the Bulgarian Umbrella, which did for Georgi Markov in 1978, the mysterious (or not so mysterious) hanging of ‘God’s Banker’ Roberto Calvi in 1982, the terrible, slow and public demise of Alexander Litvinenko, poisoned by the very rare polonium, and now, in sleepy Salisbury, all the more sleepy by the addition of some mysterious (mwahaha) nerve agent targeted at (surprise!) a KGB double agent.

A terrible business. We wish the extremely brave police officer who selflessly went to the aid of the target, and is now himself in hospital, a speedy recovery. The jury is out on who the perpetrators of this crime might be; perhaps Mr Sherlock Holmes could assist?

Fortunately we aren’t (so far anyhow) in the poisoning game. We are, however, in the Information Security game and, as you will all be well aware, security can be smugly pigeonholed into Confidentiality, Integrity and Availability (CIA, see what they did there?).

The availability, or not, of systems is so fundamental to modern life, especially if you are a teenager, that outages of public systems make big headlines. Unless, of course, you are GitHub, in which case only the geeks, hell-bent on inheriting the Earth, will notice.

This week the code sharing and distribution site GitHub was subjected to the largest Distributed Denial of Service (DDoS) attack ever seen, checking in at a mahoosive 1.35 terabits per second. This was followed shortly afterwards by a second attack against a US-based ISP (according to Arbor), which peaked at 1.7 terabits per second.

When we moved out of the cardboard box in the middle of the road in which we enjoyed a life of unadulterated luxury, all the Lord had available were modems which could deliver a whopping 28.8 or, if you were lucky, 56 kilobits per second. How is it, then, that only 200 years later terabits per second can be unleashed to take down a website?

You may have read about amplification attacks in the past. The short and long of it is that an attacker sends a short request (like a DNS request) which, if correctly crafted, results in a torrential response. Now, if the attacker pretends to be GitHub, or your Internet-facing servers, by forging the source address of that request, all of the return traffic comes your way and will overwhelm your infrastructure.

This week’s reflection vector of choice has been an open source caching product called memcached, which should never be exposed to the Internet directly.
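If you run memcached yourself, the check below shows what "exposed" looks like in its startup options. It is an added example, not code from memcached or from us: it reads an options file with one option per line (the layout used by the Debian-style /etc/memcached.conf, which is an assumption about your host) and flags a listener on anything other than loopback (`-l`) and a UDP listener that has not been switched off with `-U 0`, UDP being the transport that lets a forged source address work. The two sample files are constructed.

```python
import ipaddress

def _is_loopback(addr):
    """True only for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames or host:port forms need manual review

def audit_memcached_options(conf_text):
    """Return findings for a memcached options file (one option per line)."""
    opts = {}
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()   # drop comments
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-l", "-U"):
                opts[tok] = tokens[i + 1]
    findings = []
    if "-l" not in opts:
        findings.append("no -l option: memcached listens on all interfaces")
    else:
        for addr in opts["-l"].split(","):
            if not _is_loopback(addr):
                findings.append(f"-l {addr}: not a recognised loopback address")
    udp = opts.get("-U")
    if udp is None:
        findings.append("no -U option: UDP is not explicitly disabled (use -U 0)")
    elif udp != "0":
        findings.append(f"-U {udp}: UDP listener enabled")
    return findings

# Constructed sample files, not taken from any real host.
EXPOSED = """\
# memory and port
-m 64
-p 11211
-l 0.0.0.0
"""
HARDENED = """\
-m 64
-l 127.0.0.1
-U 0
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_memcached_options(conf) or "no findings")
```

A clean result here only covers the daemon's own options; a firewall rule blocking port 11211 from the Internet is still worth having in front of it.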

As long as there are machines exposed to the Internet, the potential for a process on them to be abused into being naughty and used to take down services is a grim reality.

If you rely on your Internet-facing systems to be available, we recommend that you take precautions and invest in DDoS protection. Our crack team is ready to tell you how we can help you do this using our NetSure360° Managed Service. For details, contact us at: [email protected] or call 020 7517 3900.