Nav: Home

CISPA researchers present early warning system for mass cyber attacks

March 15, 2017

Researchers from the Competence Center for IT Security, CISPA, at the Saarland University have developed a kind of early warning system for this purpose. Details and first results will be presented by the scientists at the computer fair Cebit in Hannover.

These mass cyber attacks, known as "Distributed Denial of Service" (DDoS) attacks, are considered to be one of the scourges of the Internet. Because they are relatively easy to conduct, they are used by teenagers for digital power games, by criminals as a service for the cyber mafia, or by governments as a digital weapon. According to the software enterprise Kaspersky, some 80 countries were affected in the last quarter of 2016 alone, and counting. Last October, for example, several major online platforms such as Twitter, Netflix, Reddit and Spotify were unavailable to Internet users in North America, Germany, and Japan for several hours. A new type of DDoS attack, a so-called amplification attack, was found to be the source of these outages.

"What makes this so insidious is that the attackers achieve maximum damage with very little effort," says Christian Rossow, professor for IT security at the Saarland University, and head of the System Security Group at the local IT Security Competence Center, CISPA. Remote-controlled computers are used to direct requests at vulnerable systems in such a way that the system's responses far exceed the number of requests. The request addresses are then replaced by the Internet address of the victim. Rossow has identified 14 different Internet protocols that can be exploited for this kind of attack.

To investigate these malicious attacks, and the people and motives behind them more closely, Rossow has developed a special kind of digital bait for distributed attacks (also known as honeypots), in collaboration with the CISPA researchers Lukas Kraemer and Johannes Krupp and with colleagues from Japan. 21 of these honeypot traps were laid out in the more obscure corners of the Internet, enabling the researchers to document more than 1.5 million attacks. In this manner, he could identify the different phases of attacks which helped develop an early warning system from the data. He additionally attached secret digital markers to the attack codes he discovered in the digital wilderness, and was thus able to trace the source of the attacks. "This is quite impressive, because these address counterfeiters usually remain hidden by default," says Rossow.

This is not the first time that Rossow has systematically infiltrated cyber-criminals' networks. He also managed to take down the infamous botnet "Gameover Zeus" in a similar manner, on behalf of the US domestic intelligence service FBI. In the meantime, he has redesigned his bait to match the latest varieties of DDoS attacks. Cyber-criminals today no longer rely on vulnerable servers, but also attack networked televisions, webcams, or even refrigerators. The "Internet of Things" makes it possible.
-end-
Background: Competence Center for IT Security CISPA

CISPA was founded at the Saarland University as a competence center for IT security in October 2011, with the support of the German Federal Ministry of Education and Research. It combines the IT security research of the Saarland University's Computer Science department, as well as that of its on-campus partners, the Max Planck Institute for Computer Science, the Max Planck Institute for Software Systems, and the German Research Center for Artificial Intelligence, DFKI. Meanwhile CISPA has developed into an established research center for IT security with international appeal. Due to the excellent quality of its scientific publications and projects, CISPA is one of the leading research centers for IT security in the world today.

Additional Information:

Link to Paper "AmpPot: Monitoring and Defending Against Amplification DDoS Attacks" http://christian-rossow.de/publications/iotpot-woot2015.pdf

Press photos can be found here free of charge http://www.uni-saarland.de/pressefotos

Further Inquiries:

Prof. Dr. Christian Rossow
Center for IT Security, Privacy and Accountability
Saarland Informatics Campus E9.1
Phone: +49 681 / 302-70797
E-Mail: rossow@cispa.saarland

Johannes Krupp
Center for IT-Security, Privacy and Accountability
Saarland Informatics Campus E9.1
Phone: +49 681 / 302-70805
E-Mail: johannes.krupp@cispa.saarland

Editor:

Gordon Bolduan
Competence Center Computer Science Saarland
Phone: +49 681 302-70741
E-Mail: gbolduan@mmci.uni-saarland.de

Saarland University

Related Internet Articles:

Weaponizing the internet for terrorism
Writing in the International Journal of Collaborative Intelligence, researchers from Nigeria suggest that botnets and cyber attacks could interfere with infrastructure, healthcare, transportation, and power supply to as devastating an effect as the detonation of explosives of the firing of guns.
The Internet and your brain are more alike than you think
Salk scientist finds similar rule governing traffic flow in engineered and biological systems.
Internet data could boost conservation
Businesses routinely use internet data to learn about customers and increase profits -- and similar techniques could be used to boost conservation.
Internet in wide open spaces
With NSF funding, UCSB computer science professor Elizabeth Belding leads efforts to provide internet to rural tribal communities
Designing the future internet
This century, our world will be flooded with hundreds of billions of smartphones, gadgets, sensors and other smart objects connected to the internet.
Is Internet service reaching marginalized groups?
Politically excluded groups suffer from lower Internet access compared to groups in power, a new study reports.
Secure networks for the Internet of the future
Two new projects at the University of Würzburg's Institute of Computer Science receive nearly €750,000 worth of funding.
Access to the Internet makes us less willing to say we know things
People are less willing to rely on their knowledge and say they know something when they have access to the Internet, suggesting that our connection to the web is affecting how we think.
'Tuning in' to a fast and optimized internet
The path toward an even faster internet has been hindered by energy consumption and cost per optical component.
Really, what is the internet of things?
The Internet of Things, IoT, the cloud, big data...buzzwords for the modern age.

Related Internet Reading:

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Bias And Perception
How does bias distort our thinking, our listening, our beliefs... and even our search results? How can we fight it? This hour, TED speakers explore ideas about the unconscious biases that shape us. Guests include writer and broadcaster Yassmin Abdel-Magied, climatologist J. Marshall Shepherd, journalist Andreas Ekström, and experimental psychologist Tony Salvador.
Now Playing: Science for the People

#513 Dinosaur Tails
This week: dinosaurs! We're discussing dinosaur tails, bipedalism, paleontology public outreach, dinosaur MOOCs, and other neat dinosaur related things with Dr. Scott Persons from the University of Alberta, who is also the author of the book "Dinosaurs of the Alberta Badlands".