Internet Attacks Grow in Size, Network Providers Attempt to Keep Pace, Air Force Goes Proactive in Cyberspace

The United States Air Force Cyber Command is dedicated to preparing for a war that will be fought in the electromagnetic spectrum, and to defending against the destructive use of computers as military weapons. Terrorists and enemy combatants can use GPS and SATCOM, conduct Internet financial transactions, use radar and navigational jamming, and attack computer servers as a method of causing destruction and disruption of critical infrastructure: communications, transportation, finance, utilities, etc.

In Internet attacks, computer networks are hijacked to form botnets that bombard targets with random packets of data in huge streams, which bring down Web sites and entire corporate networks. These distributed denial of service, or DDOS, attacks are now routinely used during political and military conflicts, as in Estonia in 2007 during political fighting with Russia, and in the Georgian-Russian war last summer. DDOS attacks are also being used in blackmail schemes and political conflicts.

In a worst-case scenario, DDOS attacks could affect military communications, data transfer and the proper functioning of SCADA systems (systems that remotely monitor data and control devices).

A survey of 70 of the largest Internet operators in North America, South America, Europe and Asia found that malicious attacks were rising sharply and that the individual attacks were growing more powerful and sophisticated, according to the Worldwide Infrastructure Security Report.

The report shows that the largest attacks have grown steadily in size to over 40 gigabits, from less than half a megabit, over the last seven years. The largest network connections generally available today carry 10 gigabits of data, meaning that they can be overwhelmed by the most powerful attackers.

The Arbor Networks researchers said a 40-gigabit (typically among the largest) attack took place this year when two rival criminal cybergangs began quarreling over control of an online Ponzi scheme, a fraudulent investment operation that involves promising or paying abnormally high returns (“profits”) to investors out of the money paid in by subsequent investors, rather than from net revenues generated by any real product or business.

Attacks on e-commerce sites are up. “Most enterprises are connected to the Internet with a one-gigabit connection or less. Even a two-gigabit DDOS attack will take them offline.”

Large network operators that run the backbone of the Internet have tried to avoid the problem by building excess capacity into their networks.

According to the Arbor Networks report, network operators said the largest botnets — which in some cases encompass millions of usurped computers — continue to “outpace containment efforts and infrastructure investment.”

Overall, the ISPs reported they were growing more able to respond to DDOS attacks because of improved collaboration among service providers. The percentage of Internet attacks referred to law enforcement authorities has declined.

58 percent of the ISPs had referred no instances to law enforcement in the last 12 months.
29 percent said law enforcement had limited capabilities to respond to cyberattacks.
26 percent said they expected their customers to report illegal activities.
17 percent said there was “little or no utility” in reporting attacks.

The Worldwide Infrastructure Security Report is produced annually by Arbor Networks, a company in Lexington, Massachusetts, that provides tools for monitoring the performance of networks.

More info …
Air Force Cyber Command — afcyber.af.mil
Worldwide Infrastructure Security Research Report — arbornetworks.com/report