[ NNSquad ] DDoS attacks on major US banks are no Stuxnet-here's why

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] DDoS attacks on major US banks are no Stuxnet-here's why

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] DDoS attacks on major US banks are no Stuxnet-here's why
From: Lauren Weinstein <lauren@vortex.com>
Date: Sat, 6 Oct 2012 09:49:32 -0700

DDoS attacks on major US banks are no Stuxnet-here's why

http://j.mp/PIsE0M  (ars technica)

   "The compromised servers were outfitted with itsoknoproblembro
    (pronounced "it's OK, no problem, bro") and other DDoS tools that
    allowed the attackers to unleash network packets based on the UDP,
    TCP, HTTP, and HTTPS protocols. These flooded the banks' routers,
    servers, and server applications-layers 3, 4, and 7 of the networking
    stack-with junk traffic. Even when targets successfully repelled
    attacks against two of the targets, they would still fall over if
    their defenses didn't adequately protect against the third.  "It's not
    that we have not seen this style of attacks or even some of these
    holes before," said Dan Holden, the director of research for the
    security engineering and response team at Arbor Networks. "Where I
    give them credit is the blending of the threats and the effort they've
    done. In other words, it was a focused attack."  Adding to its
    effectiveness was the fact that banks are mandated to provide Web
    encryption, protected login systems, and other defenses for most
    online services. These "logic" applications are naturally prone to
    bottlenecks-and bottlenecks are particularly vulnerable to DDoS
    techniques. Regulations that prevent certain types of bank traffic
    from running over third-party proxy servers often deployed to mitigate
    attacks may also have reduced the mitigation options available once
    the disruptions started."

 - - -

--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren 
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
 - Network Neutrality Squad: http://www.nnsquad.org 
 - PRIVACY Forum: http://www.vortex.com/privacy-info
 - Data Wisdom Explorers League: http://www.dwel.org
 - Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren 
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad

Prev by Date: [ NNSquad ] A network scientist examines the lifespan of a fact
Next by Date: [ NNSquad ] Robert Bork on antitrust: Google is no Microsoft
Previous by thread: [ NNSquad ] A network scientist examines the lifespan of a fact
Next by thread: [ NNSquad ] Robert Bork on antitrust: Google is no Microsoft
Index(es):
- Date
- Thread