http://www.computerweekly.com/Articles/2006/09/27/218731/Airline+foils+hackers+with+latest+high-tech+defences.htm
By Bill Goodwin
27 September 2006
A private airline which faced financial ruin after a hacking gang
brought its computers to a halt during three months of sustained
attacks, claims to have turned the tables on the hackers by installing
the latest high-tech defences.
The airline, which runs shuttle services between Italy and Albania,
narrowly survived after the gang bombarded the companys systems with
millions of requests during its busiest booking period.
Small companies which rely on the web for business are particularly
vulnerable to denial of service attacks, but it is rare for firms to
talk publicly about their experiences. Online sports betting sites,
including Paddy Power, were hit by a spate of attacks two years ago from
gangs demanding the payment of a ransom.
In an interview with Comptuer Weekly, Albatros Airlines, said it lost
20,000 a day after the attackers left its website inaccessible to
travellers and travel agents for weeks at a time.
There was total disruption of sales. We could not sell anything via our
system, and had to wait for phone calls from travel agencies, said Erion
Elmasllari, head of IT at the airline. Basically our sales were really
dropping.
The airline, based in Tirana, first realised that something was amiss in
December when it received a cryptic e-mail which read, I notify you that
attacks will not stop! but if you want to do a counterattack, just tell
me ... for money everything can be done :).
The attacks failed to register until May, when the companys servers in
southern Italy were hit by a massive denial of service attack launched
from thousands of infected PCs controlled by the hacking group.
The company, which had a 2Mbytes line, increased its line capacity to
10Mbytes and moved its servers to a hosting centre in Northern Italy,
but the hackers responded by stepping up the intensity of their attacks.
At its peak, the hackers bombarded the company with messages from 7,000
computers, bringing down both the companys systems and its internet
service provider.
At one point we managed to set up firewall filters, so only the agencies
that work with us were allowed on our website. Then the unthinkable
happened. The providers in Albania changed their DNS numbers, which
meant the firewalls had to be reprogrammed, which took another week,
said Elmasllari.
The airline finally shifted its servers to a London hosting firm,
VistaLogic, which agreed to install specialist technology to protect the
servers from the attacks. The technology, supplied by Webscreen, is able
to distinguish between normal customer behaviour and an attack.
After we started protecting them, the hacker started using different
strategies. He has tried every single strategy possible, ranging from
bot nets, synflooding, rests, and malformed packets, said Mustafa
Ozkececigil, chief executive of the hosting firm.. The worst attack we
have had is 200Mbytes a second. That is a substantial amount of traffic.
Andy Beard, advisory services director at Pricewaterhouse Coopers, said
it was rare for companies that have been hit by denial of service
attacks to talk about their experience.
"While the defences have got better, the determined attackers are
getting better. The sheer number of potentially compromised machines
[which can be used to launch an attack] is huge, he said.
_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org
Received on Sep 28 2006
Intro
