Few people may understand the precise mechanics of a DoS attack, save that it enlists a number of systems to converge on a single Internet server or site at a command from a remote terminal. What is more downplayed in media coverage is that the attacks do not enable access to confidential data, nor do they jeopardise system integrity. They merely knock a system offline. In this, they are the least of security worries in an environment that has seen much more serious breaches.
Nonetheless, a great deal of worry was generated by the DoS attacks on Yahoo! eBay, ZDNet and other high-profile service providers, in spite of the fact that very little actually happened. Kevin Pursglove, a spokesperson for eBay, says that though the e-commerce site was under attack for a number of hours on February 8, there was no damage and not even any significant interruption to the site's operations.
"The material impact was minor," he says. "We were able to stay active the whole time. And we were very much aware that an attack of this nature could occur. Members of our security team began to notice some strange activity, and they responded immediately."
Pursglove blames much of the negative press generated by the attacks on media representatives who did not fully understand the nature of the attacks, nor the aptitude of the security teams working on the problem. Two days after the attacks, when the situation was more than under control, there was still an army of news vans flooding the lot at eBay's San Jose headquarters.
"Many reporters made inaccurate assumptions about the nature of the attacks," he says. "If you call a company for fifteen minutes and you get a busy signal, you don't complain to the telephone company and you don't stop using your phone."
Likewise, Yahoo! responded to the attacks quickly. Helena Moss of NRW Public Relations says that during the attack, Yahoo! installed rate filters, which detect large amounts of mock traffic and block it. Rate filters are not new technology, but their application during the incident has certainly made them an invaluable security tool.
In this instance, hackers forced companies to rally their resources and to find new solutions for new problems. Such positive fallout is the direct result of the ingenuity of the hacker at discovering holes in security. And if it's greater safety ISPs and e-commerce sites are after, then they need look no further than hackers, whether they are in their employ as security consultants or not.
with additional research by Tammy Lawrence
Take me to Hackers
Take me back to the Cyber terrorism special