It is common for most stories on cyber crime to talk about the user as a victim. But have we ever considered that the user can be part of the problem, purely through lack of awareness?

One of the most recent examples is the Distributed Denial of Service (DDoS) attack on Spamhaus, one of the biggest to date, where millions of computers were used to launch an attack that nearly choked the Internet. While this particular method of attack is one of the oldest and not the most sophisticated, it has proven to be very effective, time and again. Dating back to the late 1990s, networks of ‘zombie’ machines have been used to try and knock websites offline, making them unusable and often preventing e-commerce. Sometimes denial-of-service attacks are mere Internet “joyrides”; at other times they may be orchestrated by competitors or persons with malicious intent.

In fact, in 2007, the Internet in Estonia was shut down by denial-of-service attacks in which networks were overwhelmed by ‘botnet’ traffic, and Georgia was severely disabled by botnets in 2008.

Mechanics of DDoS

So how does DDoS work? DDoS attacks are most commonly executed by botnets, an extremely sophisticated and popular type of network that not only infects systems, but also gives criminals control of the compromised computers. This begins with the criminal mastermind infecting vulnerable systems around the world with a small piece of malware, downloaded either by clicking on a malicious link or by opening a spam email. This method allows cyber criminals to take control of multiple systems at a time and turn them into zombie computers, which operate as part of a powerful botnet to spread viruses, generate spam, and carry out large-scale attacks. Networks of ‘zombie’ computers are flourishing across the world, and India is one of the most-infected countries.

Bots often spread across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master — called a command-and-control server. Their goal is then to stay hidden until they are instructed to carry out a specific task.

The real-world equivalent of this is sleeper agents who infiltrate an organisation until it is time to launch a coordinated strike. By choking the web, the attackers have made a statement.

Three decades ago, there weren’t as many users on the Internet for its slowdown to have a powerful impact.

Further, there weren’t enough mainstream users who could be unwittingly compromised for the cyber attackers’ malicious purposes. Such users often have no clue about the dangers lurking around the corner and are therefore not prepared to face them.

In real life, we’ve heard countless stories of individuals at airports who have become unknowing carriers of contraband. The same thing is happening on the Internet, where innocent users are tricked into downloading malware that is the carrier of something more insidious. Ignorance is not a defence in a court of law, and the Internet can be as unforgiving. Building strong protective mechanisms, and staying cautious by following security best practices, are the only ways that users can ensure they are not pawns in the hands of cyber attackers.

(The author is Vice-President and Managing Director, India Product Operations, Symantec)