Q&A: Web Attacks

By Mark Ward
Technology correspondent, BBC News

Image caption,
The attacks are being carried out to defend Wikileaks efforts to release diplomatic cables.

The Anonymous group has been carrying out web-based attacks on companies and organisations it sees as harming the work of Wikileaks. It has used a method known as a Distributed Denial of Service (DDoS) attack.

What is a DDoS attack?

This type of attack typically involves flooding a target website with data.

The attackers hope to overwhelm it in one way or another so it cannot serve its legitimate users. As its name implies it aims to deny service to those visitors.

Are there lots of different types of DDoS attack?

There are. Some exploit the basic protocols of the internet that define how your web browser talks to the webpage you want to visit.

Other attacks send fragments of data packets to a target so it spends all its time putting them back together rather than sending data to visitors.

Against sites with a low bandwidth link to the wider web simply sending lots of data traffic can choke the connection and cut it off.

There are many other different types of attack.

They can be hard to defend against, at least initially, because they look like ordinary net traffic.

What is distributed about it?

The first denial of service attacks typically came from a single source. Now the data bombardment is typically carried out by lots of computers, usually running Windows, all over the world, hence distributed. Most attacks are carried out through a botnet.

A whatnet?

A botnet is a collection of hijacked home computers that have come under the control of a hi-tech criminal. The machines are often enrolled in the botnet when their owners visit a booby-trapped webpage that hosts malicious software. This usually exploits vulnerabilities in popular programs to install itself and hand control of the machine over to a botnet herder.

Botnets can be huge. The biggest, such as Bredolab and Conficker, have millions of machines in them.

Botnet herders divide the machines under their control into manageable chunks that can be rented out. Other hi-tech criminals then use them to send spam or phishing e-mails, some use them to launch a DDoS attack.

Is Anonymous using a botnet?

It is. But one that is slightly different to the usual.

The botnet is made up of machines that have been actively enrolled in it by their owners downloading and installing Anonymous' attack tool - known as the Low Orbit Ion Cannon (LOIC).

Anonymous says about 2,000 machines are now in its botnet. Using only 400 of these caused trouble for the Visa.com website - one of Anonymous' targets.

What damage did the attacks do?

Most of the sites targeted suffered downtime to a greater or lesser extent. However, the attacks on Visa and Mastercard did more than just knock the homepages of both companies offline for some time.

The attack also hit some credit card transactions. This is because one of the checks done when you try to pay involve consulting servers that sit on the same network as the homepages.

How can attacks be resisted?

In several ways. Traffic hitting a website can be piped through filters that know the net addresses of machines on botnets and so can spot when an attack is coming through one. There are also mitigation techniques that work against some specific attacks.

What makes the Anonymous hard to defend against is that it rolls together lots of different attack types.

More on this story