Barrett Lyon is a Co-Founder of BitGravity. Barrett founded Prolexic Technologies, where he created the first successful managed service to defend enterprises from Distributed Denial of Service attacks. Prior to Prolexic, Barrett served as a senior consultant for Network Presence, where he managed engineering teams responsible for the security of Fortune 100 corporations. He has also worked with law enforcement teams around the globe in tracking internet extortion groups. He is one of only three people to ‘map’ the entire internet. Recently, he argued at an International Terrorism and Intelligence conference that Twitter was an obvious DDoS target. He answers questions from Global News Online on the August 6 Twitter attack:
Q: Twitter says they were the victim of a ‘Denial of Service’ attack, what does that mean?
A: A ‘Denial of Service’ attack is in essence, bombarding a website to shut it down. It’s the equivalent of having a restaurant with a capacity of 200 people, all of a sudden, having 100,000 people trying to sit at one table. This not only prevents the restaurant from serving its customers, but can also result in traffic accidents on the nearby street, neighbouring businesses being bombarded by so many people. It is done by operating a ‘botnet’ which allows the hacker to manipulate thousands of computers to do what it wants.
Q: Recently, you argued that Twitter is susceptible to this type of attack, why?
A: Judging by their quick response to this morning’s attack, it looks like they’ve fortified their network recently. But they have one ISP which is typically not a good idea. Their network isn’t very distributed which gives an attacker a quick entry point to attack. What’s interesting about Twitter is that there are a lot of people who would like to see it go away. As the Iranian protests demonstrated, Twitter can be an effective tool for social movements, making them quite a target. This is going to happen more frequently.
Q: What happens next?
A: Twitter will likely talk to the FBI and security consultants who are adept at tracking botnets. They’ll take a look at the server/logs. With 100,000 computers coming after you, it’s likely that at least a few of those terminals gave off some residue about what’s going on. You could probably piece together a picture of where it’s coming from.
Q: Will the suspect in this attack ever be caught?
A: Finding the attacking computer takes a huge amount of dedicated resources, no one I know is prepared to do that so there’s a good chance this suspect will never be caught. Even if they are caught, fighting a ‘Denial of Service’ case is really difficult. I worked with a team that managed to prosecute 3 Russian hackers. They were sentenced to prison for 8 years, but it took 3 years to win the case.
Q: How common is this type of attack?
A: It comes in waves. In the past ‘Denial of Service’ attacks were used for extortion, "Give us x amount of dollars or we’ll shut down your site." Once those attacks stopped generating money and left attackers exposed, the attack shifted to more of a weapon of censorship. These attacks are not hard to do, anyone from a kid angry about a tweet, to a government trying to shut down Twitter could use them.
Q: Anything else we should take away from today’s attack?
A: The internet is a scary place and this kind of stuff will continue to happen until there are better protocols out there.