The Sony hack has again raised interest in the question of internet security. The Sony attack comes on the heels of other attacks on big corporations and they stem from a variety of motives, with many of them seeking to get credit card information and other data that enable fraud. The motives of the people behind the Sony attack seem less clear though the damage done to the privacy of large numbers of people is extensive. For most of us, the main concern is whether such attacks can be prevented so that we avoid having the private data we share with corporations compromised.
But other attacks do not seek to get information so much as to shut down the servers of companies using what are known as Distributed Denial of Service (DDoS) attacks. This happened over the holidays with Xbox and Sony PlayStation, with people unable to play games for a day or two. While not being able to play online games is not as much of a hardship as losing one’s confidential information, they do hurt the companies. Jason Schreier writes that the outlook for stopping such attacks is not good, as it is becoming increasingly easy to launch effective DDoS attacks with free software available online.
For example: the High Orbit Ion Cannon (HOIC), a free piece of software that allows anyone to flood a website with overwhelming amounts of dummy traffic created by custom scripts. Anyone with a computer can download this program, type in the URL of a website, and watch the HOIC generate fake user after fake user in hopes of overloading that site’s servers and bringing it down. And when multiple people use the HOIC at once on the same target, the damage can grow exponentially higher.
Taking on a multi-billion-dollar corporation like Sony requires more sophisticated methods, though. David Larson, CTO of the cybersecurity firm Corero Network Security, said he suspects that this PSN attack was the result of some sort of combination of DDoS tools that may have included botnets—collections of computer servers designed to connect and perform a unified action. Anyone can rent a botnet, Larson said—and combining botnets and Ion Cannon-like flooding programs can cause a lot of devastation across the web.
Just picture it: a thousand computers all using the same DDoS tools to generate countless fake accounts, all flooding the same website or server with thousands of gigabytes of data per second. “It’s tremendously easy,” Larson told me on the phone this afternoon. “Anybody can afford it; anybody can do it.”
This does not bode well. Apart from actual criminals, there are plenty of technologically savvy people with a lot of time on their hands who think that it is fun to bring down a massive corporation’s computer system as a way to demonstrate one’s computer skills. So we can expect to see more such disruptions.