By Jonathan Richards
May 22, 2007
The Daily Telegraph website has been the victim of a mystery and
destructive attack by hackers that has blocked access to the site over
the last 24 hours.
The paper confirmed that its site had been the victim of a 'distributed
denial of service attack' (DDoS), and that many readers had not been
able to log on since yesterday morning.
A third party team of experts was still working to return systems to
normal, following what the paper described as "an act of vandalism".
"With these things it's always difficult to know what might be behind
it," a Telegraph spokeswoman said.
The paper had not received any threats demanding that particular stories
be removed, the spokeswoman said, but a "revenge attack" was one of the
possible explanations cited by security experts.
"The nature of these attacks is that they come from multiple sources,"
the paper's digital editor, Edward Roussel, told mediaguardian.co.uk.
"We have had them in the past but they have never succeeded in toppling
the website. This particular one was stronger than anything we have
experienced," Mr Roussel said.
A "denial of service" attacks occurs when hundreds of thousands of
computers are directed to log onto a particular site simultaneously,
causing it to crash under the weight of requests.
The computers owners' are unusually unuaware they are participating in
the attack, their machines having been co-opted by an e-mail or
internet-based worm sent via a network known as a 'botnet'.
"Newspaper sites are often the target of politically motivated attacks,"
William Beer, a director of security practice at Symantec, said.
"In Italy a law was passed recently in relation to peer to peer
software, and we saw a lot of internet-based threats directed at
newspapers that were favourable to the new regulation," he said.
Paul Vlissidis, an expert at NCC, another security firm, said that there
were ways of guarding against DDoS attacks, for instance by installing a
router which sits 'in front of' a website and monitors incoming traffic.
If the router senses a pattern in attempted visits, for instance that
the volume is unusually large for a certain time, the requests can be
directed elsewhere - "down a kind of cyber black hole," Mr Vlissidis
The attack comes less than a week after Estonia accused Russia of being
behind a similar attempt to bring down various of its central websites
and paralyse its infrastructure.
Estonian officials said that they had traced the internet protocol (IP)
addresses responsible for the attacks to Russian authorities, prompting
allegations that Russia had declared 'cyber-war' against its Baltic
Last year a Department of Trade and Industry report found that more than
50 per cent of businesses had suffered "a premeditated and malicious"
security incident in the past twelve months.
For large businesses, the average cost of the worst such incident was as
much as 130,000, the report said.
Tide of denial
In February hackers, possibly based in South Korea, attempted to bring
down at least the of the 13 computers which help manage global internet
traffic, including one operated by the US Department of Defence (DoD). A
DoD official was quoted at the time as saying: "We have to be able to
respond (to this type of threat)."
Last year three Russian citizens were sentenced to eight years each for
extorting money from several British gambling websites. The trio were
accused of receiving $4 million from sites they threatened with DDoS
attacks, and when one site refused to pay a demand for $10,000, it was
targeted and and brought down, reportedly costing it $200,000 a day.
In 2004 several bookmakers, including Paddy Power and Blue Square were
subject to DDoS attacks at the time of the Cheltenham horse races.
Extortionists contacted Blue Square, ordering that it pay 7,000 in order
that the attack be stopped.
The security firm Symantec last year estimated that the number DDoS has
risen by 51 per cent since 2005, and detected an average of 1,402
attacks a day.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com