Your Money Or Your NetworkBy Kevin Fogarty | Posted 2005-02-09 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
A new breed of online extortionists is threatening to attack Web sites unless the companies pay up. Some big-name sites, including Microsoft and Google, were saved from harm last June with concerted combat against an army of bots.
At 8:29 a.m. Eastern Daylight Time on June 15, 2004, Microsoft.com, Apple.com, Google.com and Yahoo.com, along with almost 1,100 other Web sites, were chugging along nicely. Traffic was moving around the Internet in a typical volume for that time of the day. These customers of Akamai Technologies were, in general, getting faster response times than average because many of the requests for their content were being served locally from one of 15,000 Akamai servers in 69 countries.
Yahooligans were particularly optimistic; the company was preparing for yet another upgrade to its free e-mail service, which competed directly with one from Google.
At 8:30, things started to get ugly.
A botnet army swung into action. Thousands of personal computers around the world had been infected by viruses and turned into zombies, controlled by an unknown attacker through private chat channels using the Internet Relay Chat (IRC) protocol. Acting in concert, the bots flooded a set of Domain Name System servers with requests.
The flood quickly threatened to overwhelm the servers, which belonged to Akamai, a Cambridge, Mass., company that supplies online infrastructure to large Web operations and says it routinely handles 15% of total Internet traffic.
The bot attack forced delays in figuring out what the requests were and where they should be directed. Everyday Web users-customers of the sites-were left waiting online for even routine requests to find their way through the Web.
ZDNet, Silicon.com and other tech news outlets covering the attack at the time described Microsoft, Apple, Google and Yahoo as having been blacked out. Akamai would not confirm the customers targeted, except to say that neither any customers nor any Akamai servers were taken completely offline.
The attack was unusual because of the precision with which the attacker picked his targets. Rather than bomb Apple or Microsoft directly, or attack all of Akamai's servers simultaneously, the bots focused on Akamai's DNS servers. More specifically, those primarily serving Microsoft, Apple, Google and Yahoo, whose volume of traffic and profile make them among the highest-visibility targets on the Web.