How a Brute-Force Cyber Attack Works

There's no way to prevent future cyber attacks similar to the one that has been targeting dozens of Web sites in the U.S. and South Korea since the July 4 holiday weekend, experts say.

Called distributed denial-of-service attacks, or DDoS, they are easy to carry out, and the method is simple: Bombard the servers hosting a particular Web site with so many requests for information that the servers become overwhelmed and the site goes offline.

"There is no way currently known that can prevent these kinds of things from occurring," Eugene H. Spafford, director of Purdue University's Center for Education and Research in Information Assurance and Security, told FOXNews.com. "These attacks rely on the poor protection and compromises of computer systems around the world."

In this instance, malicious computer programmers, possibly working for North Korea or groups sympathetic to it, would have started by infecting thousands of computers running Microsoft Windows with a computer virus.

A rogue programmer would then have been able to "herd" the PCs into a virtual networked computer, or "botnet," that he could command to do whatever he wanted.

"There are tens of millions of computers that are potentially vulnerable," Spafford said. "If those systems are implanted with bot controllers, there's little you can do to prevent it."

When the attack began, the "bot herder" would have directed his botnet to begin requesting information from the Web servers, much as you do when you go to a Web site.

But there are subtle twists that make this sort of Internet interaction different from just requesting a Web page.

First of all, the attacking computers would "spoof" their own Internet Protocol addresses, so that when the host servers replied with the requested data, the reply went to an address that had never asked for it: the information would go nowhere, and the host servers would be told the requesting PC was busy or unavailable.

The host servers would then keep trying to send the data, tying up their own processing power and bandwidth -- how much data they can output through their Internet connection -- until they gave up.

Second, the host servers would be getting tens of thousands of such bad requests per second. The botnet-controlled PCs would be running scripts that constantly generated new spoofed IP addresses and sent fresh requests under them to the targeted Web sites, which would in turn try to fulfill each and every request.
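The two twists above have a recognizable footprint on the server side: a burst of connection attempts that never complete because the spoofed source never answers, arriving from a flood of addresses the server has never seen. The detector below is an added example written for this article, not code from the original piece or from any product it mentions; the log format (one line per attempt: second, source address, and whether the handshake completed) and the thresholds are constructed assumptions.

```python
from collections import defaultdict


def make_sample_log():
    """Constructed sample log, one line per connection attempt:
    '<epoch_second> <source_ip> <state>', where state is 'established'
    (the client answered the server's reply) or 'half_open' (it never did)."""
    lines = [
        "1000 203.0.113.10 established",
        "1000 198.51.100.7 established",
        "1001 203.0.113.10 established",
    ]
    # One flood second: 300 half-open attempts, each from a distinct
    # spoofed address (constructed values in the 198.18.0.0/15 range).
    lines += [f"1002 198.18.{i // 256}.{i % 256} half_open" for i in range(300)]
    lines.append("1003 203.0.113.10 established")
    return lines


def detect_flood(lines, min_half_open=100, min_half_open_ratio=0.9,
                 min_distinct_ratio=0.8):
    """Return one alert per second in which (a) at least min_half_open
    attempts never completed, (b) they dominate the second's traffic, and
    (c) almost every one came from a different source, which is the
    'constantly new spoofed addresses' pattern described in the article."""
    per_second = defaultdict(lambda: {"total": 0, "half_open": 0, "srcs": set()})
    for line in lines:
        ts, src, state = line.split()
        bucket = per_second[int(ts)]
        bucket["total"] += 1
        if state == "half_open":
            bucket["half_open"] += 1
            bucket["srcs"].add(src)

    alerts = []
    for ts in sorted(per_second):
        bucket = per_second[ts]
        if bucket["half_open"] < min_half_open:
            continue
        half_open_ratio = bucket["half_open"] / bucket["total"]
        distinct_ratio = len(bucket["srcs"]) / bucket["half_open"]
        if half_open_ratio >= min_half_open_ratio and distinct_ratio >= min_distinct_ratio:
            alerts.append({"second": ts, "half_open": bucket["half_open"],
                           "distinct_sources": len(bucket["srcs"])})
    return alerts


if __name__ == "__main__":
    for alert in detect_flood(make_sample_log()):
        print(alert)
```

Normal seconds (a handful of completed connections from repeat visitors) produce no alert; the flood second trips all three conditions at once, which is what separates it from an ordinary traffic spike of legitimate visitors.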

Between the volume of the requests and their frustrating nature, a Web site with few servers or limited bandwidth can quickly be taken down. Others with greater physical and financial resources can take the punishment.

That may explain why high-volume Web sites such as those belonging to the White House, the Pentagon and the New York Stock Exchange were able to withstand such attacks with barely a hiccup, while the Federal Trade Commission's and the Transportation Department's were knocked offline.

"Most of these high-profile sites are undergoing several attacks of this nature on a continuous basis," said Spafford. "If any sites went down, it indicates that those sites haven't been targeted in the past."

But they'd better get used to it, he said.

"This is not an uncommon kind of event," said Spafford. "It's unusual because of the time and the target. It's likely something we're going to see more of as time goes on."