By Bill Goodwin
27 September 2006
A private airline which faced financial ruin after a hacking gang
brought its computers to a halt during three months of sustained
attacks claims to have turned the tables on the hackers by installing
the latest high-tech defences.
The airline, which runs shuttle services between Italy and Albania,
narrowly survived after the gang bombarded the company's systems with
millions of requests during its busiest booking period.
Small companies which rely on the web for business are particularly
vulnerable to denial of service attacks, but it is rare for firms to
talk publicly about their experiences. Online sports betting sites,
including Paddy Power, were hit by a spate of attacks two years ago from
gangs demanding the payment of a ransom.
In an interview with Computer Weekly, Albatros Airlines said it lost
20,000 a day after the attackers left its website inaccessible to
travellers and travel agents for weeks at a time.
"There was total disruption of sales. We could not sell anything via our
system, and had to wait for phone calls from travel agencies," said Erion
Elmasllari, head of IT at the airline. "Basically our sales were really
The airline, based in Tirana, first realised that something was amiss in
December when it received a cryptic e-mail which read, "I notify you that
attacks will not stop! but if you want to do a counterattack, just tell
me ... for money everything can be done :)."
The attacks failed to register until May, when the company's servers in
southern Italy were hit by a massive denial of service attack launched
from thousands of infected PCs controlled by the hacking group.
The company, which had a 2Mbytes line, increased its line capacity to
10Mbytes and moved its servers to a hosting centre in Northern Italy,
but the hackers responded by stepping up the intensity of their attacks.
At its peak, the hackers bombarded the company with messages from 7,000
computers, bringing down both the company's systems and its internet
"At one point we managed to set up firewall filters, so only the agencies
that work with us were allowed on our website. Then the unthinkable
happened. The providers in Albania changed their DNS numbers, which
meant the firewalls had to be reprogrammed, which took another week,"
The airline finally shifted its servers to a London hosting firm,
VistaLogic, which agreed to install specialist technology to protect the
servers from the attacks. The technology, supplied by Webscreen, is able
to distinguish between normal customer behaviour and an attack.
"After we started protecting them, the hacker started using different
strategies. He has tried every single strategy possible, ranging from
bot nets, synflooding, rests, and malformed packets," said Mustafa
Ozkececigil, chief executive of the hosting firm. "The worst attack we
have had is 200Mbytes a second. That is a substantial amount of traffic."
Andy Beard, advisory services director at Pricewaterhouse Coopers, said
it was rare for companies that have been hit by denial of service
attacks to talk about their experience.
"While the defences have got better, the determined attackers are
getting better. The sheer number of potentially compromised machines
[which can be used to launch an attack] is huge," he said.