Who's behind the Eircom sabotage?

An attack on Eircom’s internet servers this week led to many of its customers having problems online, from slow connections to unexpected liaisons with scantily-clad women

THE INTERNET BROKE. Or, at least, that’s how it must have seemed to your average user of Eircom’s broadband service during the week, when strange things began to happen for those using the internet.

The problems were manifold and began earlier this month when some users began to experience unusually slow internet connections. Others could not connect at all, and found themselves unable to access any of their usual sites. A third group reported that when they clicked on certain links, they were redirected to other websites, some reportedly containing images of scantily clad women.

Things got worse. Last Monday, between 6pm and 11.15pm, service was disrupted again. Eircom customers – of whom there are some half a million internet users, making it the biggest broadband provider in the country – became increasingly frustrated. “If I don’t have connectivity, I cannot do my job,” says James Corbett, co-founder of the educational software company daynuv.com, and one of a number who discussed the problem and exchanged tips for resolving it on the social networking site Twitter. “It just completely crippled me in terms of the work.”

So what happened? Regarding Monday’s outage, the problem came down, as it often does, to traffic. Here’s how it works: normally, when you type in a web address for a site you wish to visit, your computer sends a request to the server of whatever internet company you’re signed up to. These servers are generally equipped to deal with a large number of requests in any given period. Last Monday, however, Eircom’s servers got overloaded when, all of a sudden, the number of requests being received increased dramatically: by 100 per cent. “We were seeing a doubling of the amount of requests in any given period,” explains Eircom spokesman Paul Bradley. “There was congestion, so the server wasn’t able to cope with all those requests and wasn’t able to fulfil [them].” This massive increase in traffic, rather than an indication that all Eircom’s customers had abruptly decided to log on in unison, had all the hallmarks of a DDOS, or Distributed Denial of Service, attack.

The idea behind such an attack is to make a computer resource unavailable to its users, and the methodology is scarily accessible. Brian Honan, of BH Consulting, which specialises in computer security, explains: “A DDOS occurs when somebody sends so many requests to your web server that the server cannot cope with that amount of traffic any more. It blocks all the legitimate traffic getting to your site.”
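The symptom Bradley describes, a sudden doubling of requests in any given period, is the simplest signal an operator can alert on. The following is an added example, not code from the article or from Eircom: it buckets request log lines into one-minute windows, takes the median of the first few quiet windows as a baseline, and flags any later window whose volume reaches twice that baseline, reporting how many distinct clients contributed (a spread over many unseen sources is what distinguishes a distributed flood from one busy customer). The log format and every IP address are constructed for the example.

```python
"""Rate-spike detection over a request log (added example; sample data is constructed)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median


def parse_line(line):
    """Assumed log format (constructed): '<ISO timestamp> <client IP> <qtype> <name>'."""
    ts, client, _qtype, name = line.split()
    return datetime.fromisoformat(ts), client, name


def bucket_by_minute(lines):
    """Map each one-minute window to a Counter of requests per client IP."""
    counts = defaultdict(Counter)
    for line in lines:
        ts, client, _name = parse_line(line)
        minute = ts.replace(second=0, microsecond=0)
        counts[minute][client] += 1
    return counts


def flag_spikes(counts, baseline_windows=5, factor=2.0):
    """Return one alert per window whose total is at least `factor` times the
    median volume of the first `baseline_windows` windows."""
    minutes = sorted(counts)
    baseline = median(sum(counts[m].values()) for m in minutes[:baseline_windows])
    alerts = []
    for m in minutes[baseline_windows:]:
        total = sum(counts[m].values())
        if total >= factor * baseline:
            alerts.append({
                "minute": m.isoformat(),
                "requests": total,
                "baseline": baseline,
                "distinct_clients": len(counts[m]),
                "top_clients": counts[m].most_common(3),
            })
    return alerts


def make_sample_log():
    """Constructed sample: five quiet minutes from two regular clients, then two
    minutes in which ten previously unseen hosts each send a lookup."""
    lines = []
    start = datetime(2009, 7, 20, 17, 55)
    for i in range(5):
        for client in ("10.0.0.11", "10.0.0.12"):
            for name in ("irishtimes.com", "example.net"):
                ts = start + timedelta(minutes=i, seconds=10)
                lines.append(f"{ts.isoformat()} {client} A {name}")
    for i in range(5, 7):
        for n in range(10):
            ts = start + timedelta(minutes=i, seconds=n)
            lines.append(f"{ts.isoformat()} 192.0.2.{n + 1} A irishtimes.com")
    return lines


if __name__ == "__main__":
    for alert in flag_spikes(bucket_by_minute(make_sample_log())):
        print(alert)
```

In practice the baseline would be a rolling figure across hours or days so that a normal evening peak is not flagged, and the `distinct_clients` count is what tells the on-call engineer whether to rate-limit one source or to enable upstream scrubbing.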

EIRCOM IS NOT the first victim of such an attack. Two years ago, a spree of DDOS attacks crippled websites all over Estonia, including the prime minister's website, and a number of the country's bank sites. Earlier this month, a number of websites in South Korea and the US – including the White House, the New York Stock Exchange, the South Korean president's website and that of the defence ministry – were also attacked in a similar fashion.

It turns out that to bring about such widespread internet havoc may not be very difficult to accomplish, if you’ve got the right botnet – the name for a collection of “zombie” computers that have been set up, often without their owners’ knowledge or consent, to transmit messages to other computers. “If you wanted to, you could go and rent a botnet for a few hundred dollars and use it for whatever you want it to do,” explains Honan. “You could say, ‘Mr Criminal, I want to use your botnet to attack irishtimes.com for a day, and here’s $100 into your account’.”

It sounds alarmingly simple, and it is becoming increasingly attractive to organised crime networks, which have seen lucrative possibilities in it, because DDOS attacks can be used for much more insidious purposes, including bank fraud.

This is where reports of Eircom customers being redirected to the wrong websites become more alarming than amusing. In this instance, Eircom’s DNS (Domain Name System) servers were poisoned. Computers operate in numbers, and every computer has its own unique address, which is a string of numbers known as an IP address.

“For humans to remember what the IP address is for irishtimes.com would be quite difficult, so your DNS or server is like your phone book,” explains Justin Mason, who blogs on computer security and IT issues at taint.org. “It has all the names of who you want to contact, with their corresponding numbers.” In this case, Eircom’s DNS servers were targeted so that users, instead of reaching the websites they were after, found themselves looking at women in their underwear.
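Mason's phone-book analogy also explains what "poisoning" means: someone gets a wrong number written into the book, and every later caller is sent to the wrong place. The defence on the resolver side is to refuse to write anything into the cache that it did not ask for and cannot tie to its own outstanding question. The following is an added example, not Eircom's software or any real resolver: a toy resolver that keeps a randomised transaction ID and source port per outstanding query, accepts a reply only if both match and the question is echoed back unchanged, and caches only records for the name it actually asked about (the "bailiwick" rule), so a reply that smuggles in an address for an unrelated site is discarded. All names, addresses and the message structures are constructed for the example.

```python
"""Toy validating DNS resolver cache (added example; names and addresses constructed)."""
from dataclasses import dataclass
import secrets


@dataclass(frozen=True)
class Query:
    txid: int    # 16-bit transaction ID, random per query
    port: int    # random source port, so both must be guessed to forge a reply
    name: str    # the question we asked


@dataclass(frozen=True)
class Response:
    txid: int
    port: int
    name: str          # question section echoed back by the responder
    answers: dict      # record name -> IP address (answer + additional sections)


def in_bailiwick(record_name, question_name):
    """A record is cacheable only if it is for the queried name or a name beneath it."""
    return record_name == question_name or record_name.endswith("." + question_name)


class ValidatingResolver:
    def __init__(self):
        self.pending = {}   # (txid, port) -> Query
        self.cache = {}     # name -> IP

    def send_query(self, name):
        """Record an outstanding question with fresh random txid and port."""
        q = Query(secrets.randbelow(1 << 16), 1024 + secrets.randbelow(60000), name)
        self.pending[(q.txid, q.port)] = q
        return q

    def receive(self, resp):
        """Accept a reply into the cache only if every check passes; return the verdict."""
        q = self.pending.get((resp.txid, resp.port))
        if q is None:
            return "rejected: no outstanding query with that txid/port"
        if resp.name != q.name:
            return "rejected: question section does not match"
        for record_name in resp.answers:
            if not in_bailiwick(record_name, q.name):
                return f"rejected: out-of-bailiwick record for {record_name}"
        self.cache.update(resp.answers)
        del self.pending[(resp.txid, resp.port)]
        return "accepted"

    def lookup(self, name):
        return self.cache.get(name)


def demo():
    """Constructed exchange: one genuine reply, then two that a careful cache refuses."""
    r = ValidatingResolver()
    q = r.send_query("news.example")
    verdicts = []
    # 1. Reply that does not match the outstanding txid/port: dropped unread.
    verdicts.append(r.receive(Response(q.txid ^ 1, q.port, "news.example",
                                       {"news.example": "203.0.113.9"})))
    # 2. Matching reply that also carries a record for an unrelated bank site: dropped,
    #    so the unrelated name never enters the cache.
    verdicts.append(r.receive(Response(q.txid, q.port, "news.example",
                                       {"news.example": "203.0.113.9",
                                        "bank.example": "203.0.113.9"})))
    # 3. Genuine reply for exactly what was asked: cached.
    verdicts.append(r.receive(Response(q.txid, q.port, "news.example",
                                       {"news.example": "198.51.100.7"})))
    return r, verdicts


if __name__ == "__main__":
    resolver, results = demo()
    for v in results:
        print(v)
    print("news.example ->", resolver.lookup("news.example"))
```

The checks shown here are the ones resolver operators are expected to enforce (random transaction IDs and source ports, question matching, bailiwick filtering); DNSSEC goes further by letting the resolver verify a signature on the answer itself rather than trusting whoever replied first.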

According to Mason, such an attack could easily have been used instead to steal financial details from unsuspecting online bankers. “There are actually a few viruses or Trojans nowadays that sit quietly in the background and wait for you to log into your online banking,” he explains. “They collect the details and send them back up to the ‘bad guys’ for later use.”

Could organised criminals be behind the Eircom attack? Speculation is rife, with rumours abounding of foreign gangs plotting to bring down Ireland’s largest broadband operator.

Eircom has acknowledged that an external third party was behind the attacks, and that an investigation is underway, though the Garda has not become involved as yet. “We don’t have an indication that it’s malicious or benign,” says Bradley. “We know it’s external.”

Yet the fact that the attack was so quickly apparent, and did not appear to target the financial details of Eircom’s half a million users, makes Mason doubtful that organised criminals are behind it. “A lot of the commentary is speculation from people who don’t really know what’s going on,” he admits, while including himself in this group. “Eircom are the only people who would know the facts of the matter, but my feeling is that the level of attack sounds like something that could be operated by a single person.”

Who that person might be and why they did it remains a mystery, at least for now. Normal service appears to have returned to Eircom’s broadband system, but investigations are ongoing. “We’re doing as much as we can to make sure that this doesn’t happen again,” says Bradley.

SO WHAT CAN broadband users do to make their own information less vulnerable to attackers? Honan, who has also set up a Computer Emergency Response Team (Cert) in Ireland to provide advice to businesses and individuals about how to protect their information, recommends having updated anti-virus software on your computer and making sure your firewall is turned on. "Anybody with a serious online presence should be ensuring that they have the necessary safeguards in place to protect their systems from these types of attacks," he says. "That would include making sure their own servers have the most up-to-date security patches on them as well as having the necessary equipment in place to tackle and deal with these DDOS attacks."

The bad news is that if your internet service provider is vulnerable to such attacks, there’s not much else the average individual user can do to defend against them. “Internet traffic has to go through the ISP, so the internet user has to trust their ISP,” says Mason. “They can bear in mind how their current ISP is performing, and choose to switch to another if they don’t like it.”

Yet for Mason, the biggest issue is ensuring that, when problems arise, people are told and reactions are swift. “It’s hard to avoid the problem, really, but I think it is possible to get that information disseminated, and when something like this happens, if the information can get out there, that will help deal with the problem.”

Botnets and Trojans: know your online jargon

DNS (Domain Name System)

A service that translates website names, which usually use alphabetical letters, into number sequences which are known as IP addresses.

IP (Internet Protocol) address

A numeric address that identifies a computer on a specific computer network.

ISP (Internet Service Provider)

A company that offers customers internet access.

DDOS (Distributed Denial of Service) attack

A cyber attack that involves sending so many requests to a server that it buckles under the volume of traffic.

Botnet

A collection of computers configured to transmit messages to other computers on command.

Malware

Malicious software, designed to infiltrate your computer or damage it.

Trojan

A piece of malware that appears to be performing some useful function, while it is in fact infiltrating your computer.