@ Computerweekly, © 2000 Reed Business
The City of London is bracing itself for a wave of hacking attacks to be
launched next week as part of the May Day anti-capitalist protests. Jittery
IT directors in financial services firms did not want to talk openly about
their security plans, but many are worried that their corporate and e-business
systems will be subjected to denial of service attacks.
This form of attack makes a Web site unavailable by bombarding it with electronic
requests. The attack involves hackers using up to tens of thousands of surrogate
servers to attack a single site, said DK Matai, managing director of mi2g
Matai said denial of service attacks were proven in their capacity to disable
systems and would be the favoured method for hackers during next week's expected
anti-capitalist attacks. Amazon and Yahoo!'s Web sites were crippled by such
attacks earlier this year.
He said, "What we may see is thousands
of servers targeting specific Web sites. With these attacks, protesters get
the maximum impact for the time they spend creating malevolent code."
A denial of service attack can be launched with basic software tools available
on the Web and the hackers do not need to have any specific knowledge of the
victim's systems, aside from the Web address.
Mass attacks are almost impossible to defend against. Although filtering
software is available to counteract the attacks, the software used by hackers
to launch attacks is becoming more sophisticated, allowing the type of message
to morph during attack, bypassing filters.
Security expert Peter Sommer, who is a government special adviser on e-commerce,
said the only way businesses could protect themselves was through a massive
investment in Web site bandwidth. He warned that other organisations likely
to be targeted by protestors would be those that might be construed to be
engaged in unethical business practices.
Senior security architect at city security specialist Information Risk Management
Richard Stagg said that IRM's clients in the financial and banking sector
were expecting hacking attacks in conjunction with the protests.
British Bankers Association spokesman Brian Capon played down the risk of
hacking during the May Day protests. "We cannot rule anything out. Banks are
hugely security conscious anyway, but measures are being stepped up."