CastleCops learns about denial-of-service attacks - the hard way

Dark Reading Staff, Dark Reading

October 3, 2007

2 Min Read

2:45 PM -- How many security breaches occur each year without ever being reported? If we could somehow find out the answer to this elusive question, I believe the number would be staggering. Many companies don't report breaches because they fear the loss of confidence among their customers and shareholders. But in other cases, organizations have no choice but to suffer public scrutiny because the breach is there for all to see.

For example, what if you were surfing eBay, CNN, or the New York Times Websites when they suddenly went offline for minutes, hours, or days, even intermittently? This is exactly what happened to CastleCops in February of this year. Around February 13, the Website started suffering from bursts of distributed denial of service (DDOS) traffic that occasionally took it offline. On February 16, the site and its ISP were inundated with so much traffic that they were down for hours.

CastleCops is community-based site with both casual end users and researchers focused on phishing and malware. Why this particular site was targeted for DDOS, no one is quite sure yet. But one individual has been arrested in the CastleCops attack.

Greg King, a.k.a. SilenZ, faces a maximum sentence of 10 years in prison and $250,000 in fines. Robin from CastleCops says, "All too often, victims of [DDOS] attacks are left feeling let down and with a sense that the system fails."

Why is that? Well, for starters, it's hard to pinpoint the origin of a DDOS attack. The traffic is often sourced from a botnet comprising hundreds to thousands of compromised computer systems. The bots receive commands from a botherder through an IRC channel, using configuration files stored on a Web server or peer-to-peer communications between the bots. A botherder can proxy his traffic through Tor, anonymous proxies, or his own bots, making it nearly impossible to find him.

Since the reasons for King's DDOS attack against CastleCops still aren't clear, we can only speculate that he must have been offended in some manner by the site's operators or researchers. Maybe they were talking about how to disinfect his botnet hosts. Hopefully, we'll find out when the case goes to trial.

If you're unsure how your company would handle a DDOS attack, you should start discussions with your network administrators and ISP to develop an action plan.

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Read more about:


About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights