Hackers put Net security watchdog out of action

In a perfect display of irony the US centre charged with warning others about attacks is hit by a DoS attack
Written by ZDNet Staff, Contributor

Unknown attackers inundated the US Computer Emergency Response Team Coordination Center with data Tuesday and Wednesday, cutting off the public's access to the organisation that is largely responsible for warning others on the Internet about computer-security threats.

The attack began around 9am on Tuesday and continued to stall traffic to the organisation's Web site Wednesday. Access to the site was sporadic early Wednesday, with the Carnegie Mellon University-based centre reportedly accessible from the eastern United States but inaccessible to many other site users.

"Our connection to the Internet has been largely saturated by this activity," Ian Finlay, an Internet security analyst for the CERT Coordination Center, said in a recorded statement. "The www.cert.org Web site may be unavailable until the attack begins to subside."

Although the attack has prevented anyone from accessing the security advisories on CERT's Web site, the Center said it will still be able to get the word out on critical alerts. "We have alternate means to issue advisories as it becomes necessary," Finlay said in the statement.

Chris Wysopal, director of research and development for security service firm @Stake, said CERT's predicament was ironic. "They are the people that tell you how to protect against the problems," he said. "But the fact is, no one can totally protect against these types of attack."

The attack is unlikely to affect the Coordination Center's ability to release critical security alerts, because it's easy to evade such attacks with email, said Wysopal.

However, the attack does underscore the danger in putting the United States' computer-alert teams under one umbrella. "It highlights the fact that we need many different sources of security info," Wysopal said. "When all the information becomes too centralised, that's a security problem in and of itself."

While CERT is an important security advisory group, several others exist, including the Computer Incident Advisory Center, so-called information sharing and analysis centres, and several advisory sites run by security companies.

Denial-of-service attacks attempt to overload or crash computers connected to the Internet so people can't access them. A common type of attack, called a flood attack, aims to overload a targeted computer with so much data that it can no longer process legitimate access attempts. "We get attacked every day," says Richard D. Pethia, director of the Networked Systems Survivability Program at Carnegie Mellon's Software Engineering Institute, which includes the CERT/CC. "This is just another attack. The lesson to be learned here is that no one is immune to these kinds of attacks. They cause operational problems, and it takes time to deal with them."

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards