Service Denial Attacks Threaten the Concept of the Internet

FTLComm - Tisdale
February 11, 2000

Unless you have been out on the trap line for the last five days you will have already heard more than you want about this crisis with the Internet. Just to recap for you, a series of major web sites have come under attack and each has been overwhelmed and forced to shut down for several hours. Though news sources reported attacks on Yahoo, eBay, CNN, and a stock market brokerage, the assault is far more wide reaching and has not been confined to this week.

The Internet is essentially a network of interconnecting data lines joining computer systems together, allowing information and commerce to flow along these connections. It was conceived by the United States government as a means to assist researchers in various universities to easily communicate with one another to advance scientific development. To make it work, it has to be open to all, and it is its very design that this current attack is based upon. Though this topic seems high tech, it is really a simple concept, and the problems occurring this week rely on tactics and software that have been around for two decades. Long before the Internet was opened to the public, university people, mostly students, had discovered that the whole system was vulnerable to overloading. There is a finite limit to how much data a server can respond to and when you exceed that limit, the system, or that portion of the system, can grind to a halt.

The Service Denial Attacks are essentially an organised and orchestrated traffic jam producing gridlock on a specific target site. To make the traffic jam really excessive, the perpetrators of these events used some pretty old-fashioned methods that are extraordinarily effective. Through some "hacking" (illegal interference with someone else's computer system) the culprits placed some simple programmes that they control on a very large number of computer systems. They chose university systems, smaller government agencies and some corporation systems where they planted their software. Then, in as many locations and as many other computer systems as they could access, they placed other software. They used some systems to control hosts of others and then they simply sat tight, waiting to carry out their attacks whenever they chose.

The attack is initiated by sending instructions to a handful of controlling systems, which in turn instruct large numbers of other systems to begin sending massive volumes of data to the target. Within minutes the target computer system can be overwhelmed with data so that it cannot cope, and after attempting to serve what seem like legitimate requests it reaches a point where it shuts down. The Denial of Service Attack simply does what the Internet was intended to do, only it overloads a particular target system.

For every threat to a communications system, counter measures are taken to reduce the risk. Here in Saskatchewan, SaskTel worried that its system might be compromised and used by unauthorised individuals coming into the system via the Internet, and to prevent this from happening it purchased an elaborate computer system to block these entries. This computer system is called a "Firewall". Each time you log into Sympatico you are checked to see if you belong there and are granted authority to access those parts of the system which are appropriate. However, this process produces a delay in connecting and so often you will see a "streaming error" in your e-mail log file. That error is produced because the delay times out your system's anticipated returning response. What I am explaining is that counter measures produce negative side effects as they protect the system, but to do so, they impede its operation.

The Service Denial Attacks put so much pressure on the target web sites that Internet traffic world wide was affected, slowing all services. This means that even though you may not have been accessing CNN or E-Trader you would still have seen things slow down during the attack. The FBI has mounted a huge response to this threat and is endeavouring to find the culprit, or culprits, but the real issue is that the large number of systems that had been penetrated and compromised carried out the attacks on behalf of the bad guy. The FBI and Microsoft have both been targets of these forms of attacks at various times and those in the computer industry know that mini attacks have gone on for years. It is just that this time the attacks were extremely well organised and effective.

When I first began using the Internet there was no World Wide Web. We used the system for e-mail, news groups and file transfer (FTP). At that time, if someone said something rude on a news group, it was likely that many would gang up on him and send him loads of e-mail to the point that he could not cope, being unable to determine what were real messages and what was harassment. This process was called "mail bombing". The Denial of Service Attacks are just on a bigger scale.

To solve the problem, all of those unwitting participating computer systems that have acted as controllers and slave systems have to tighten up their security to prevent being penetrated and programmes being planted in their systems. The likelihood of this being done is remote, simply because "there is always a way in". Not just hackers, but computer specialists of all kinds, can slip undetected into big and small computer systems. All of those home owners with cable modems who have their machines online all the time are just dandy hosts for invasion and takeover, even for just a minute or two. The likelihood of these attacks on major web sites being the work of some screwed up teenage hacker is extremely remote.

These attacks have been aimed directly at e-commerce; they selected the most obvious targets and picked them off. Many of us believe that this assault is some portion of the economic or political faction sending a message. The target could have been only one of the many attacked, with the others hit to throw the investigators off track. The primary goal would have been to produce some chaos and shut down a vital system for a measured and specific time. The results of these attacks have already been felt on Wall Street, where high tech stocks which have been riding high have taken a plunge. These events have the earmarks of a much wider, or much more focused, objective, and it is entirely possible that the recurring attacks will be used to mask other events. With the business world relying so heavily on the Internet, there is a serious problem afoot.

Some have suggested that the American right wing types may be using these attacks to illustrate the dangers of relying upon the free and open world of the Internet and this will give them the ammunition to bring it under control. Major corporations have felt that the "free" nature of the Internet goes against the "free enterprise" system (big companies deserve to make a fortune and nothing should happen without them getting a slice). Undermining the Internet and its infrastructure is in the interest of American big business and though it seems paranoid, it is entirely possible that some forces are here at work in an effort to shut it down so that a more commercially advantageous system can be put in its place.

Whatever is behind these attacks, we know that despite it all, things will go on, even if a little differently. Poplar trees just grow; they are significant and resilient, having a lifetime of as little as thirty-five years, but they make possible wild life habitats and the succession of other forest, and they are almost unstoppable. You can cut them down, burn them, turn them into lumber or firewood and they will grow back. The Internet has been seeded and the concept is accepted. It is doubtful if any force can stop it, though it can be altered and upset; it is very much like poplar trees.