X
Tech

CERT hit by DDoS attack

Unknown attackers inundated the Computer Emergency Response Team Coordination Center with data Tuesday and Wednesday.
Written by Robert Lemos, Contributor

Unknown attackers inundated the Computer Emergency Response Team Coordination Center with data Tuesday and Wednesday, cutting off the public's access to the organization largely responsible for warning others on the Internet about computer-security threats.

The attack began around 9 a.m. PDT Tuesday and continued to stall traffic to the organization's Web site Wednesday. Access to the site was sporadic early Wednesday, with the Carnegie Mellon University-based center reportedly accessible from the eastern United States but inaccessible to many other site users.

"Our connection to the Internet has been largely saturated by this activity," Ian Finlay, an Internet security analyst for the CERT Coordination Center, said in a recorded statement. "The www.cert.org Web site may be unavailable until the attack begins to subside."

By midday Wednesday, the site was once again fully accessible.

Although the attack prevented anyone from accessing the security advisories on CERT's Web site, the Center said it was able to get the word out on critical alerts.

"We have alternate means to issue advisories as it becomes necessary," Finlay said in the statement.

Chris Wysopal, director of research and development for security service firm @Stake, said CERT's predicament was ironic.

"They are the people that tell you how to protect against the problems," he said. "But the fact is, no one can totally protect against these types of attack."

The attack also underscored the risk of putting the United States' computer-alert teams under one umbrella.

"It highlights the fact that we need many different sources of security info," Wysopal said. "When all the information becomes too centralized, that's a security problem in and of itself."

While CERT is an important security advisory group, several others exist, including the Computer Incident Advisory Center, so-called information sharing and analysis centers, and several advisory sites run by security companies.

Denial-of-service attacks attempt to overload or crash computers connected to the Internet so people can't access them. A common type of attack, called a flood attack, aims to overload a targeted computer with so much data that it can no longer process legitimate access attempts.

"We get attacked every day," said Richard D. Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute, which includes the CERT/CC. "This is just another attack. The lesson to be learned here is that no one is immune to these kinds of attacks. They cause operational problems, and it takes time to deal with them."

Editorial standards