Asia 'hotspot' for DDoS attacks, but no need to overreact

Distributed denial of service (DDoS) attacks are becoming more rampant in Asia with the region's connectivity, partly due to its ease of staging, and Asian nations are increasingly perpetuating such attacks on one another, which may potentially lead to a cyberwar, Akamai executive notes.

According to Martin McKeay, security evangelist at Akamai Technologies, in an interview with ZDNet Asia on Friday, Asia is also rapidly becoming a "hotspot" for DDoS attacks because of its widespread connectivity and rise in mobile devices. Asians are also reliant on connectivity so more will be affected if a particular service is brought down, he said.

He cited that hackers in February, brought down the Malaysia stock exchange through DDoS attacks, and hacker group Anonymous brought down several Web sites in countries such as China.

DDoS is becoming the "most popular" method in Asia for hackers to enact their political and emotional motivations, he added. Hackers in Asia are no longer "script kiddies" who get thrills from hacking, but using it against government and companies for a cause, he noted.

Basic DDoS attacks are based on sending of volumetric data on a large scale to Web sites until it goes down, while advanced attacks leverage security vulnerabilities of the system, McKeay explained. DDoS is also a "relatively easy" method for hackers to achieve their ends, as it does not take much to "clog Internet pipes" and direct "junk traffic" to bring down a system so that attackers can penetrate, he added.

There are also attacks stemming from Asian countries against others in the region, McKeay pointed out. It is a continent with many different countries, with differing politics, and this may lead to cyberwar, he explained.

For example, he said, Chinese and Filipino hackers engaged in a cyberattack standoff last month, defacing the Web sites of a Philippines university and several Chinese sites, claiming ownership of disputed islands in South China sea.

These "nationalist hackers" using DDoS attacks to promote national pride are becoming more common, but they are usually not affiliated with governments, McKeay maintained.

"Hackers [in Asia] are no longer 'script kiddies' who get thrills from hacking, but using it against the government for a cause."

-- Martin McKeay
security evangelist,

Government could ban hacking tools
The rise of DDoS may be a problem because governments may start passing cyberlaws which make the security tools used by hacktivists to "achieve their ends" illegal, McKeay noted.

This is a "poorly thought out legislation", McKeay remarked, explaining that the tools used by hackers are the same ones used by security professionals to detect and investigate cyberattacks, such as Metasploit. As such, it "doesn't make sense" to block them, he said.

This could make security professionals "handicapped" while performing their jobs because they will not have the appropriate tools to test if a system is vulnerable or how to detect DDoS, he noted.

He cited that the German government had already banned hacking tools three years ago. This could pave the way for Asian governments to follow suit, he noted.

Tackle the root, share information
What governments need to do is not rush to judgment too quickly, but take action by tackling the root, he advised, adding that governments should discuss why and how the DDoS attacks happened and get to the root of the problem instead of passing cyberlaws to eliminate the problem.

Governments can also look into information sharing with private sectors, similar to the U.S. cybersecurity bill passed last year, which allows U.S. spy agencies to share intelligence regarding cyberthreats with private companies, he said, maintaining that this was his personal view.

"If the various companies merely examine their own threat information, they will have a narrow view of the security landscape," he said. "Governments and private companies will be able to learn from each other with this information sharing."