66123 Saarbrücken, de
+49 (681) 30270783
CEBIT 2018: Researchers expose perpetrators behind mass internet attacksSaarbrücken, )
Webstresser.org is notorious for being the online platform where you can purchase everything you need to mount a successful massive online attack. According to Europol, it is likely the world's largest marketplace for DDoS attacks. Victims include banks, online traders and governments. A few weeks ago, European prosecutors responded and took action, announcing shortly thereafter on their website that the platform is now off-line.
Before making their online raid, investigators had access to the results of Professor Christian Rossow's research. Rossow, a researcher at the CISPA Helmholtz Centre (i.G.) and teacher at the University of Saarland, has been analysing the modus operandi of cyber criminals for years. In recent years he has given special attention to a specific type of DDoS attack, the "amplification attack".
"Imagine that it's your birthday, the barbecue has been lit and a few friends have come around for a celebratory drink. But a malicious contemporary has circulated a false advertisement which alleges that you are offering tickets for the forthcoming Football World Cup at a bargain price. Your fixed line telephone is now ringing constantly all evening and you can forget your quiet drink together." This is how Rossow explains the principle behind these attacks. According to Rossow, the most perfidious thing about this type of attack is that the attacker achieves the maximum effect with a minimum of effort.
Together with his PhD students at the University of Saarland and colleagues from Japan, he has developed a kind of digital trap for such attacks. During the development phase, the scientists drew on the knowledge that these attacks are comprised of two phases. During the first phase, the perpetrators scan for computers that they can harness for their attack. In the second phase, they use these computers to launch their massive attack. Rossow and his colleagues have been able to document 1.5 million of these attacks.
In a subsequent paper, Rossow, together with Johannes Krupp and Michael Backes, founding director of the CISPA Helmholtz Centre, has uniquely fingerprinted the respective scanning attempts. This has allowed researchers to link the attacks with scanning attempts and, therefore, identify the people behind them. "This is probably our greatest achievement", explains Rossow, "Because the perpetrators behind the attacks usually remain hidden." The computer scientists from Saarbrücken were able to identify a total of 34 networks as the sources of attacks with 98 percent confidence.
Last year, the scientists were able to build on this success and, together with colleagues from Google and New York University, prove which attacks had been organised via online marketplaces such as webstresser.org. They were furthermore able to identify the extent of the range of products for launching DDoS attacks and, therefore, the level of the associated threat. This involved large-scale analysis of data, which was carried out over a period of two years in cooperation with researchers from the University of California in San Diego and the University of Twente. Explaining the direction future research projects will take, Rossow stated: "In future, we need even more data that covers an even longer time span. This is the only way that we will be able to make a well-founded statement about the health of the internet”.
Die Nutzung von hier veröffentlichten Informationen zur Eigeninformation und redaktionellen Weiterverarbeitung ist in der Regel kostenfrei. Bitte klären Sie vor einer Weiterverwendung urheberrechtliche Fragen mit dem angegebenen Herausgeber. Bei Veröffentlichung senden Sie bitte ein Belegexemplar an firstname.lastname@example.org.