+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

The 'Biggest Cyberattack In History' Was Nothing Compared To A Targeted Attack

Geoffrey IngersollApr 3, 2013, 02:33 IST

paulternate via FlickrIt turns out the biggest cyberattack in history is strategically irrelevant.

Advertisement

Recently we reported on a Distributed Denial of Service (D/DOS) attack on web company Spamhaus that clocked in at a staggering 300 gigabits per second.

A D/DOS occurs when so much illegitimate traffic bombs a website that regular users can't access its services.

The latest record-breaking attack made the 70 GB/s "ItsOkayNoProblemBro" attack on U.S. banks look tiny by comparison.

Except Kevin Kennedy of Juniper Networks recently diagrammed how a 25 kilobyte per second, "sophisticated" attack with good strategy could easily outmatch the Spamhaus hack, even at roughly 0.000008% the size:

Advertisement

The UK has roughly 2 million postal codes. E-commerce sites naturally need to make that postal code database searchable ... a sophisticated hacker figured out that a very simple query would force the database to return the complete list of 2 million postal codes.

By making that simple query a mere 50 times per second—25 kilobits per second in traffic—the attacker completely locked the entire application in under two minutes without tripping a single alarm or volume threshold.

Forget armies of bots, a single PC was enough. And precisely because it was so small, it was lost in the noise of legitimate user traffic.

A single hacker, with one computer, took down a site worth $10 million, simply by being selective about the query rather than just bombing the site itself.

Kennedy writes "The size of 300 gigabits per second makes for fascinating headlines. But the sophistication of 25 kilobits per second may well be the more dangerous threat."

Advertisement

Earlier this year, Brian Krebs coverage showed how a D/DOS acted as a smoke screen for a bank heist totaling $900 thousand. The hackers had gained access to local terminals, and so had local network permissions, prior to initiating an attack that took down a California bank's website.

Using this targeted mode of attack might have sped up the process for the cyber criminals.

"Stealth, it seems, can be incredibly effective," writes Kennedy.

You are subscribed to notifications!
Looks like you've blocked notifications!
Latest Stories
‘Comedian ban na sake, Chaudhary banne chale’: Ola CEO Bhavish Aggarwal after Kunal Kamra criticises Ola EV service
'I thought I experienced death': Al Pacino talks about battling Covid-19
Status-quo on interest rate likely, say experts ahead of RBI's policy review
Profit of public sector banks expected to decline by 0.6 percent QoQ : Motilala Oswal
Carmakers expect festive period to bring in robust sales, improve overall buyer sentiment
Trending News
Next Article
Next Story
Popular Categories
Trending Right Now

Copyright @ 2024. Times Internet Limited. All rights reserved.For reprint rights. Times Syndication Service.