Rise in Web attacks
October 6, 2012
Internet access is all you need these days to do your banking - whether you're at work, at home on the sofa or on the road with your smartphone. Almost half of Germans over 18 use online banking, according to a survey by the Federal Association of German Banks. Many bank clients feel it saves them an enormous amount of time. That's why it's all the more annoying if your bank's website is not available, especially if it's because hackers have taken it down.
Paralyzed servers
According to the European Commission, every fifth company reported a cyber attack in 2010. Big German and European banks on Thursday (04.10.2012) tested just how prepared they are against such attacks. They sent more than 30,000 requests to a server in a simulated distributed denial of service (DDoS) attack. Results from the tests, which recreated the mass targeting of a website with the goal of overwhelming the company's server and taking websites offline, have not yet been published.
It's a realistic scenario, as several big banks in the United States learnt recently. A cyber attack paralyzed the banks' websites temporarily. A short while later, a letter appeared on the Web, in which the group "Cyber fighters of Izz ad-din Al qassem" claimed responsibility for the temporary breakdown. The letter said the attacks would continue as long as the controversial Mohammed film was still available on the Internet.
Security holes in the system
Apart from religious or political motives, there are also financial reasons for hackers to launch attacks. Some have made a business from DDoS attacks, said Patrick Hof, an expert on Web security. His company, Redteam Pentesting, checks companies' IT systems for potential security holes.
"When hackers detect weak spots they will often blackmail companies," said Hof. "The companies pay the hackers the required sum so that they leave them in peace. It's considerably more expensive and difficult to fight off such an attack than to pay the money."
Protecting yourself against attacks like DDoS is nearly impossible. "You can't prevent these attacks from happening because the hackers are simply using the tools that are also used by clients," said Hof.
The hackers will first gain illegal access to several computers of private individuals. From there, they send parallel and repeated requests to the same website. "You can hardly tell the difference between the hackers' requests that reach the server from the ones that normal clients send," said Hof.
Organized crime
While DDoS attacks can be debilitating to a company, they require hardly any effort on the part of the people launching them. The only things that are needed are so-called botnets, which consist of networks of hacked computers. That's how individual people's computers can be remotely controlled - in most cases without the people's knowledge.
"If you have enough money and know the right people you can rent such botnets online," said Hof. "You don't even have to be a hacker yourself."
Politically motivated groups or members of organized crime make use of the availability of botnets, he added.
But DDoS attacks are relatively harmless. They paralyze the websites of companies so that clients cannot do their online banking, for example. But you can't steal any money with DDoS attacks. If that is what you're after, then you have to have access to bank details. Hackers will usually try to get access to private individuals' details - their computers are simply easier to access than the systems of big banks.