November 11th, 2008

BBC hit by a DDoS attack

Posted by Dancho Danchev @ 11:22 am

Categories: Black Hat, Botnets, Denial of Service (DoS), Hackers, Malware, Pen testing

Tags: Security, BBC, British Broadcasting Corporation, DDoS, Dancho Danchev

The British Broadcasting Corporation (bbc.co.uk) was hit by a DDoS attack on Thursday, according to a statement sent to the Inquirer :

“In a statement to the INQ, the BBC said the attack originated in a number of different countries but didn’t specify which. When the Beeb’s techies blocked international access to a limited subset of servers, it resulted in a marked improvement of the serving of bbc.co.uk. Service supplier Siemens was forced to block addresses and prevent the attack using other methods like changing the DNS settings.”

The attack appears to have lasted for 1 hour and 15 minutes, which is the longest time the site has been offline during the entire 2008, was also confirmed by the distributed uptime monitoring company Pingdom earlier today :

“During the attack, the BBC website responded very slowly, and our monitoring shows that for a total of 1 hour and 15 minutes it did not respond at all. The downtime was spread over multiple short intervals, lasting just a few minutes each time. The attack lasted the entire evening. It started to have an effect after 5 p.m. CET and the performance was not back to normal until after 10 p.m. CET. Analyzing the response times of the website clearly shows the effect the DDoS attack had on the performance of the BBC website. The diagram below shows the hourly average load time of the HTML page (just the HTML page, without any images, external scripts, etc).”

Was the attack an act of hacktivism based on a particular article that somehow contradicted with the attackers’ perspective of the world? With the lack of specific details regarding the DDoS attack provided by the BBC, we may never know. One thing’s for sure - political DDoS attacks (Georgia President’s web site under DDoS attack from Russian hackers; Coordinated Russia vs Georgia cyber attack in progress) are going to get even more mainstream in 2009.

What are some of the driving factors contributing to this trend? The overall availability of malware infected hosts, which when once monetized ends up in DDoS for hire services whose prices for a large scale hourly attack are getting disturbingly affordable to anyone. The recently released “Worldwide Infrastructure Security Report” report by Arbor Networks also indicates that the DDoS attack rates exceed the ISP network’s growth, and have already reached the 40GB barrier. Ironically, the report also states that managed DDoS mitigation services are increasing, which is exactly what is happening on the DDoS for hire services front - they’re becoming ubiquitous as outsourcing DDoS attacks to experienced attackers directly messes up the entry barriers into a space that used to require experience, and an operational botnet a couple of years ago.