Cybersecurity best practices and DDoS defence strategies
The US Department of Defense said in August that it will be working toward security mechanisms aimed at taking down distributed denial of service (DDoS) cyberattacks in just a few seconds. The new systems will begin development in spring 2016.
After launching in the spring, the Extreme DDoS Defense (XD3) project is expected to take three years. The idea is that the mechanisms created will allow the Pentagon to rapidly stop typical DDoS efforts. The objective is mitigation of any assault within 10 seconds.
The government will be putting together a team of IT security specialists for the XD3 program, all of whom will have the appropriate security clearances given the nature of their involvement. This project is actually open for contractor proposals, which are being collected until October 13. The specific budget for the project is not yet public, but there are grants available for anyone whose proposal is used by the Pentagon.
In a distributed denial of service attack, an attacker directs a huge amount of traffic toward a target server, causing a massive spike in resource consumption that typically results in the systems going down.
The reason that these attacks are so successful, even though they are incredibly simple, is that everything at an organization is typically in one logical place, stored and managed in the same locations. Both traditional and cloud systems make use of centralized data centers, according to the Pentagon’s statement on XD3.
“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate,” the paper explained (https://www.rt.com/usa/312806-pentagon-ddos-attack-security/). “In contrast, military communication often demands that disruptions be limited to minutes or less.”
The goal of the project is to stop distributed denial of service efforts by distributing assets geographically, building more intelligence into the assets by better masking their activities, and expediting recovery when hackers still break through.
DDoS has become of greater concern to both the public and private sectors in recent years, impacting federal agencies, financial institutions, and even the gaming community.
What really caught the attention of the federal government was an incident that occurred in July 2009. Both the Department of Defense and the White House were inundated with a DDoS assault of extraordinary scope. Two years later, major banks were hit with DDoS on a grand scale as well.
The United States is not alone in being targeted for these simplistic yet ruthless cyberattacks. Estonia was hit with distributed denial of service in 2007, knocking both the public and private sectors off the Internet for an entire two-week period.
Though DDoS is devastating to many companies, its origins are humble.
The year was 2000, and the story takes a page out of the Angelina Jolie movie Hackers. In Hackers (which came out in the 90s), a kid who’s about 10 years old hacks into major information systems, a SWAT team rolls in and arrests him, and the judge decides that he will not be allowed to access a computer until he turns 18.
The first DDoS incident was actually an attack on the top search engine at the time and was perpetrated, likewise, by a minor – a Canadian who was 15 years old and went by the moniker Mafiaboy. The target was Yahoo. And the end result was, again, a scary interaction with the police.
Why the similarities? The whole thing was quite literally a childhood fantasy come to life. “By the time Hackers came out, I was eleven years old and already obsessed with the world of hacking,” wrote Michael Calce (https://books.google.com/books?id=jDY0U-5km2wC&lpg=PA64&ots=3iVifUAFHs&dq=mafiaboy%20jolie%20hackers%20%22it%20was%20thrilling%20for%20me%20to%20see%22&pg=PA64#v=onepage&q=mafiaboy%20jolie%20hackers%20%22it%20was%20thrilling%20for%20me%20to%20see%22&f=false), who is now known for having renounced his hacker lifestyle. “That film, and my interactions with people online, inspired me to reach higher, to try to become a real hacker.”
Calce went after Yahoo on February 7. The ferocity of the attack on the Web’s second-most-visited site was unprecedented, downing it for three hours. Ironically, the teenage “Mafiaboy” was in the Montréal suburbs watching a Mafia movie – Goodfellas – when his father called his cell phone at 3 AM. The Royal Canadian Mounted Police were at the front door.
Since Calce had been so reckless with his online criminal behavior, the call from his dad wasn’t completely unexpected, according to Robert McMillan of Computerworld. “He had already talked to a lawyer after warning his father, weeks earlier, that he’d knocked offline a string of high profile Web sites — Amazon, eBay, Dell, CNN,” said McMillan (http://www.computerworld.com/article/2533517/networking/mafiaboy-grows-up–a-hacker-seeks-redemption.html), “and his attacks had been widely covered in the press.”
Today, Michael Calce actually makes his living fighting hackers, as a security consultant.
Hacking has of course always been damaging, but the story of Mafiaboy now sounds quaint in the current climate. Today, even the Pentagon has to invest heavily in fortifications to protect itself against intruders both domestic and international.
What can you do to protect your systems in this not-so-quaint DDoS landscape? Use Nexusguard. Nexusguard DDoS+ Protection provides comprehensive, professional and cost-effective protection against the most potent denial of service attacks. Get started. https://www.nexusguard.com/services/ddos-protection.php