Communications Firms Organize To Confront Hacker Attacks
NEW YORK -- A group of 18 global communications services providers and network operators has banded together to confront large-scale hacker attacks.
The organizations, which include BT Group PLC (BT), Deutsche Telekom AG (DT), MCI Inc. (MCIP), NTT Communications Corp., Cisco Systems Inc. (CSCO) and EarthLink Inc. (ELNK), have agreed to share information about network-based attacks while they are under way through the Fingerprint Sharing Alliance, to be unveiled Monday. Participants will share data using technology from Arbor Networks Inc., a closely held Lexington, Mass., security company that sells technology for detecting and fending off network-based attacks to about 70% of the world's tier one Internet-backbone providers.
The group's main goal is to tackle the rising problem of "denial-of-service" attacks, which have increased hugely in severity and have become a serious threat to smooth operation of even the world's largest networks.
"As attacks are becoming more complex and distributed, cooperation and communication between service providers is critical," said Farnam Jahanian, Arbor's founder.
In denial-of-service attacks, hackers typically use hijacked computers on powerful broadband connections, which often belong to unwitting home users, to flood targeted Web sites or networks with traffic in an effort to shut them down. Shutdowns can also be caused by network worms, which are automated malicious programs that infect computers by exploiting flaws in software programs and traveling directly through network connections, rather than through e-mail. The information-sharing system can also be used to react to these attacks.
The alliance will allow a carrier that has a customer under attack to post attack information on a central Arbor server for delivery to alliance members whose networks are involved in the attack. Those parties can use the information to identify and stop the attacking machines. They could also take steps to help their customers clean out the hacker programs that made them party to the attack. Alliance participants can provide attack information to each other without identifying which of their customers are being affected or disclosing other competitive information, Arbor said.
Arbor said that the largest denial-of-service attack it handled in 2002 involved less than one gigabit of traffic per second and came from a handful of compromised PCs. But in 2004, it encountered multiple 15-gigabit attacks launched by "botnets," or armies of compromised machines, of more than 150,000 PCs.
The threat is now grave enough that fierce competitors are putting aside rivalries to work together. "The risk of cooperating with the competition is outweighed by the sheer cost of submitting to the attacks," said Arbor President Tom Schuster.
"Denial-of-service is a global problem with botnets spanning the globe, attacks coming from around the world," said Dave Harcourt, head of network security for BT's BT Wholesale division. Attacks hitting at five gigabits per second "will take most tier-two (networks) off the air and will hurt a lot of tier-one providers," he said.
Denial-of-service attacks are the second most costly type of computer crime, after viruses, according to the 2004 Computer Security Institute and Federal Bureau of Investigation survey of security professionals at large organizations. Of the 269 respondents who reported losses, $26.1 million of a total of $141.5 million in losses were attributed to this type of attack. Only 17% of 481 respondents reported facing denial of service.
Until recently, denial-of-service attacks were usually weapons used by novice attackers in vendettas against enemies. But like other types of malicious activity on the Internet, attackers increasingly appear to be members of criminal enterprises with financial motives.
"The landscape has certainly changed over the last year and a half," said Rob Rigby, director of managed security services at MCI. "Now the malicious intent is extortion or something more egregious than it was before. This is starting to become a moneymaking operation."
The alliance members hope that a centralized, automated system for sharing information about attacks with other operators will help them contain attacks more quickly and trace them to their sources more effectively. Members will also be able to take steps to dismantle botnets and perhaps ultimately begin to reverse the attacks' alarming growth trend. Operators now have a cumbersome, informal information-sharing system that uses e-mail and phone conversations, is based on personal relationships, and isn't always speedy or effective.
MCI said that achieving the industry's most ambitious goals will require a standard messaging system, rather than Arbor's proprietary fingerprint system, so that any network operator can participate. Arbor said the alliance will be open to organizations that aren't customers. Its fingerprints are based on a UNIX standard, and the alliance's system will support any standard that gains approval, the company said.
-Riva Richmond, Dow Jones Newswires; 201-938-5670; riva.richmond@dowjones.com
(END) Dow Jones Newswires
Posted to the site on 28th March 2005
