CEBIT 2018: Researchers expose perpetrators behind mass internet attacks

(PresseBox) ( Saarbrücken, )
Professor Christian Rossow and his working group at the CISPA Helmholtz Centre in Saarbrücken are researching attacks that strike fear not only in the hearts of companies, but of sovereign states too. The technical jargon for such attacks is "Distributed Denial-of-Service Attacks" (DDoS), because they flood online services with huge amounts of data, which then renders them inoperative. Rossow and his team of researchers are developing methods and tools that will analyse and stop such attacks. By doing so, they are even able to uncover the perpetrators behind these attacks. They will present their latest results during the CEBIT computer expo at stand F68 in hall 27. is notorious for being the online platform where you can purchase everything you need to mount a successful massive online attack. According to Europol, it is likely the world's largest marketplace for DDoS attacks. Victims include banks, online traders and governments. A few weeks ago, European prosecutors responded and took action, announcing shortly thereafter on their website that the platform is now off-line.

Before making their online raid, investigators had access to the results of Professor Christian Rossow's research. Rossow, a researcher at the CISPA Helmholtz Centre (i.G.) and teacher at the University of Saarland, has been analysing the modus operandi of cyber criminals for years. In recent years he has given special attention to a specific type of DDoS attack, the "amplification attack".

"Imagine that it's your birthday, the barbecue has been lit and a few friends have come around for a celebratory drink. But a malicious contemporary has circulated a false advertisement which alleges that you are offering tickets for the forthcoming Football World Cup at a bargain price. Your fixed line telephone is now ringing constantly all evening and you can forget your quiet drink together." This is how Rossow explains the principle behind these attacks. According to Rossow, the most perfidious thing about this type of attack is that the attacker achieves the maximum effect with a minimum of effort.

Together with his PhD students at the University of Saarland and colleagues from Japan, he has developed a kind of digital trap for such attacks. During the development phase, the scientists drew on the knowledge that these attacks are comprised of two phases. During the first phase, the perpetrators scan for computers that they can harness for their attack. In the second phase, they use these computers to launch their massive attack. Rossow and his colleagues have been able to document 1.5 million of these attacks.

In a subsequent paper, Rossow, together with Johannes Krupp and Michael Backes, founding director of the CISPA Helmholtz Centre, has uniquely fingerprinted the respective scanning attempts. This has allowed researchers to link the attacks with scanning attempts and, therefore, identify the people behind them. "This is probably our greatest achievement", explains Rossow, "Because the perpetrators behind the attacks usually remain hidden." The computer scientists from Saarbrücken were able to identify a total of 34 networks as the sources of attacks with 98 percent confidence.

Last year, the scientists were able to build on this success and, together with colleagues from Google and New York University, prove which attacks had been organised via online marketplaces such as They were furthermore able to identify the extent of the range of products for launching DDoS attacks and, therefore, the level of the associated threat. This involved large-scale analysis of data, which was carried out over a period of two years in cooperation with researchers from the University of California in San Diego and the University of Twente. Explaining the direction future research projects will take, Rossow stated: "In future, we need even more data that covers an even longer time span. This is the only way that we will be able to make a well-founded statement about the health of the internet”.

Further information:
Für die oben stehenden Pressemitteilungen, das angezeigte Event bzw. das Stellenangebot sowie für das angezeigte Bild- und Tonmaterial ist allein der jeweils angegebene Herausgeber (siehe Firmeninfo bei Klick auf Bild/Meldungstitel oder Firmeninfo rechte Spalte) verantwortlich. Dieser ist in der Regel auch Urheber der Pressetexte sowie der angehängten Bild-, Ton- und Informationsmaterialien.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an