'

Net attacks: The UK could be next

Although none of Britain's major commercial Web sites have succumbed to the Denial of Service attacks (DoS) that have felled Yahoo! EBay and ZDNet.com this week, experts warn that the threat to UK domains is very real

At 6.30pm (GMT) Monday the largest Web site on the Internet, Yahoo.com, was rendered inaccessible by a flood of data peaking at a ferocious 1gigabit per second. Over the next three days other leading Web sites including eBay.com, CNN.com and ZDNet.com were struck by similar attacks. The matter is being treated as almost a national emergency in the US with the FBI and even President Clinton holding press conferences to address the issue. But whey have the rest of the world's Internet giants remained unscathed?

Mikael Arnbjerg, senior Internet analyst with IDC Europe, suggests that at this point the culprits are after maximum publicity. He says: "I imagine they're doing it for notoriety. If they had picked on someone nobody knows then we wouldn't of heard about it and it would be interesting. You wouldn't be writing about it."

Paul Cronin, head of penetration testing at computer security company CenturyCom, says however, that the situation in the UK could easily turn ugly. "At the time of the city of London demonstrations, for example, we had a lot of very high profile companies ask us to test their sites against Denial of Service attacks."

But so-called "co-ordinated distributed" DoS attacks present a different challenge to IT managers. Cronin explains this is because a large number of compromised machines are used to bombard a target site with fake traffic. This makes it possible to blitz a Web site with an unusually large amount of data but also makes it more difficult to locate the real source of an assault.

"At the moment, it is impossible to lock intruders out," adds Cronin. "The only solution is to have intrusion detection systems in place to detect the hacker before he has a chance to cause any damage."

Cronin explains that when an attack of this sort is detected it may already be too late. "The problem at Yahoo!, was that the hackers were only detected when it was already too late to put the necessary filters in place to block unwelcome guests. The hackers work by sending the programme to multiple sites around the world, so it is probable that Yahoo! was attacked from all sides."

Another security expert, warns the attacks could be just the tip of the iceberg. "What you have to worry about" says Matt Bevan, director of Tiger Team Security in London "is when the ones who did this own up to it saying 'we used these tools' available for download from 'this' site. Then everyone is going to start using them."

Bevan suspects it wont be long before a major UK site is targeted and agrees that politically motivated individuals are likely to be involved.

So, are the cream of UK sites getting nervous? A spokesman for Freeserve, rated as the third largest global domain in the UK, says it is ready. "We have invested an awful lot in the service and are confident of the security... The opportunity for people to stop our service will be minimal."

Is your .co.uk ready? Tell the Mailroom

Take me to the Denial of Service round-up