Political cyberattacks to militarize the Web

Governments looking to silence critics and stymie opposition have added DDOS (distributed denial-of-service) attacks to their censoring methods, according to a security expert speaking at the Source Boston Security Showcase.

Slideshow: 10 of the Worst Moments in Network Security History

As the use of DDOS for political gains increases, expect the Internet to become more militarized said Jose Nazario, senior security researcher at Arbor Networks, in an address on Wednesday.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Governments looking to silence critics and stymie opposition have added DDOS (distributed denial-of-service) attacks to their censoring methods, according to a security expert speaking at the Source Boston Security Showcase.

Slideshow: 10 of the Worst Moments in Network Security History

As the use of DDOS for political gains increases, expect the Internet to become more militarized said Jose Nazario, senior security researcher at Arbor Networks, in an address on Wednesday.

"I don't think anyone is going to die because of these attacks, or a phone won't work, but it is early," he said, noting that other weapons have evolved from their initial forms.

In DDOS attacks, botnets, or a group of compromised computers used for malicious purposes, attempt to connect en masse to a victim's Web site. The server hosting the site is unable to respond to the abundance of communication requests and shuts down or returns pages so slowly that site is essentially inaccessible.

"The premise is to aggregate bandwidth and knock an adversary offline," said Nazario.

Nazario discussed how major international political situations spawned DDOS attacks. Unsuccessful DDOS attacks were launched at the Pentagon's network after the 2001 collision between a U.S. Navy spy plane and Chinese fighter jet resulted in the Navy plane making an emergency landing in China, he noted. CNN's Web site experienced a similar attacks after one of the network's reporters made disparaging comments about China's hosting the Olympic Games. China was reportedly responsible for both incidents.

"These folks are launching these attacks to show support for their own government," said Nazario.

Nazario mentioned the 2007 DDOS incidents that crashed the Estonian government's servers. Russia supposedly conducted those attacks after the government of its former territory moved the statue of a Russian soldier. The attackers built primitive tools and launched a basic campaign, but the end result shut down the government, he said.

Russia was also reportedly responsible for the August 2008 DDOS attacks against Georgia, a former Soviet Republic. Russia launched a military attack against Georgia to support a separatist faction. Cyberattacks against Georgian government Web sites coincided with Russia's military campaign, the first time in 10 years that Nazario saw an Internet and ground war launched simultaneously.

Governments are interested in using DDOS attacks since tracing their originators and financiers proves difficult for security researchers. Arbor Networks could not conclusively link the Estonian attacks to Russia while Estonia questioned Arbor's findings, said Nazario.

"We can tell you certain technical aspects, but we can't tell you who is paying them," he said. "There is no smoking gun as to who launches the attacks."

The pace and complexity of the DDOS is increasing, Nazario said, as opposition groups further use the Internet to coordinate. Groups using the Web to communicate makes it a natural target, he said.

The IDG News Service is a Network World affiliate.