But let us try and find out what exactly happened that caused this attack. This is the information I gathered from various sites.
Spamhaus, an anti-spam company, placed Cyberbunker on their blacklist of spam-generating companies. Cyberbunker quickly retaliated with a Distributed Denial of Service (DDoS) attack, which is essentially an attempt to make a machine or network resource unavailable to its intended users. Such attacks saturate the server with communication requests, making it unavailable. The initial attack failed. When the DDoS attack failed, Cyberbunker widened the assault by exploiting a weakness in DNS. This weakness allowed the impact of the attack to be magnified by 50 times by using decentralized cyber nodes around the world as a means of attacking these two companies. This meant that although only two companies were specifically targeted, the attack jammed cyber infrastructure worldwide, causing Internet traffic to slow across the world.
First, some background: The attacks originally targeted a European anti-spam company called Spamhaus, which blacklists what it considers sources of email spam and sells those blacklists to Internet Service Providers. The attack began early last week as waves of large but typical DDoS (Distributed Denial of Service) assaults shortly after Spamhaus blacklisted Cyberbunker, a controversial web hosting company. Cyberbunker has not directly taken responsibility for the attacks against Spamhaus.
Spamhaus contracted with security firm CloudFlare to help lessen the intensity of the attacks soon after they began. CloudFlare has been defending Spamhaus by spreading the attacks across multiple data centers, a technique that can keep a website online even if it's hit by the maximum amount of traffic a typical DDoS can generate.
These attacks have evolved into a complex and ferocious beast, pointing up to 300 gigabits per second at an expanding list of targets. How?
After the hackers realized they couldn't knock Spamhaus offline while it was protected by CloudFlare, they chose a different tactic: targeting CloudFlare's own network providers by exploiting a known fault in the Domain Name System (DNS), a key piece of Internet infrastructure.
DNS essentially turns what humans type into an address bar ("www.mashable.com") into the desired website's IP address and helps to deliver the desired Internet content to a user's computer. DNS resolvers are an essential element of the DNS system, and 21.7 million of them are open and able to be found and manipulated by hackers.
Because DNS resolvers are connected to large pipes with plenty of bandwidth to point at a target, hackers can manipulate them to amplify standard DDoS attacks from a maximum of about 100 gigabits per second to the neighborhood of 300 gigabits per second.
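As an added illustration (not from the original post or the sites it draws on), here is a defender-side check in Python for the pattern described above: a host flooded with DNS responses from many resolvers that it never queried, which is what a target of DNS amplification sees because the requests are sent with its address forged as the source. The flow-record layout, the thresholds and the addresses are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample flow records (documentation address ranges), not real traffic.
# Layout assumed for this example: (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # A normal client: its query goes out, a response comes back.
    ("192.0.2.10", 40001, "198.51.100.53", 53, 64),
    ("198.51.100.53", 53, "192.0.2.10", 40001, 180),
    # Reflection: large responses arrive at 192.0.2.80, which sent no queries.
    ("203.0.113.1", 53, "192.0.2.80", 31337, 3200),
    ("203.0.113.2", 53, "192.0.2.80", 31337, 3100),
    ("203.0.113.3", 53, "192.0.2.80", 31337, 3300),
]


def find_reflection_victims(flows, min_resolvers=3, min_bytes=5000):
    """Return {victim_ip: (unsolicited_bytes, resolver_count)} for hosts that
    receive DNS responses they never asked for.

    min_resolvers and min_bytes are illustrative thresholds, not tuned values.
    """
    # Pass 1: remember every (client, resolver) pair for which a query was seen.
    asked = set()
    for src, sport, dst, dport, size in flows:
        if dport == 53:
            asked.add((src, dst))

    # Pass 2: count responses from port 53 that match no observed query.
    unsolicited_bytes = defaultdict(int)
    resolvers = defaultdict(set)
    for src, sport, dst, dport, size in flows:
        if sport == 53 and (dst, src) not in asked:
            unsolicited_bytes[dst] += size
            resolvers[dst].add(src)

    # Flag only hosts hit by several resolvers with meaningful volume.
    return {
        ip: (unsolicited_bytes[ip], len(resolvers[ip]))
        for ip in unsolicited_bytes
        if len(resolvers[ip]) >= min_resolvers and unsolicited_bytes[ip] >= min_bytes
    }


if __name__ == "__main__":
    for ip, (nbytes, count) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{ip}: {nbytes} unsolicited DNS bytes from {count} resolvers")
```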