It’s the alarm message regularly sent by enterprises and – between the attacks against TV5 and France Television – by nearly all Belgian printed news media.
It’s one of the most basic and simple attacks. You don’t need skills outside the one to send a request to a site. As you do each time you connect to your information security awareness blog.
The difference lays in the fact that one sends thousands of simultaneous requests that overload and block the access control server. What would you do if thousands of persons wanted at the same time to ring your doorbell? It’s exactly what happens.
Pirates infect your computer (letting you think what they send you is innocent) and use it, at the best moment, to launch an attack that comes from everywhere.
We speak about Denial of Service (DOS) or Distributed Denial of Service (DDOS).
You’ll have a similar effect if, eventually, one comes to empty three lorries of gravel just in front of your door. If one attacks your service provider – the one that gives you access to the Internet – you’ll also be blocked (with all others clients).
What can we do?
“Prevention is better than cure” says the popular wisdom. Here, I have to disappoint you: NOTHING!
All computers are connected to the network with one single address (called ‘IP’, this series of four groups of numbers separated by dots [e.g 255.12.14.0]) and one single name easier to remember and write: the url (http://www.info-attitude.com).
If this address is blocked, whatever the cause, there is nothing to do than wait.
Internet – and computer networks in general – hasn’t foreseen this case.
If all building (even your house or flat) has / should have an emergency exit, this isn’t the case in informatics: one address and one path to your computer. Even trains and coaches have their ‘emergency accesses’.
As long as this incongruity isn’t corrected, we’ll stay exposed to this kind of attack.
Your only reaction is to call the police. They’ll pass the claim to the adequate authority.
Normally a CERT (Computer Emergency Response Team) should be active in your country or region (e.g. CERT.be) that documents and relays these events… but you are without computer access. You then need to do it from home or go through your neighbour.
In the mean time, take a book (this heavy bunch of paper that has this particular odour) or a pen (one says we’ll shortly stop teaching kids to learn handwriting) and a sheet of paper to send this urgent mail through de Post instead of a very fast email.
This attack is totally different from the one that targeted TV5.
It’s also completely different from the one that, one week later, aimed France Television. By this one, ‘one’ entered to steal (in fact ‘copy’) the files with the coordinates of candidates to the various TV games: a list with names, postal addresses, telephone numbers (and probably bank accounts) other crooks are ready to pay a lot for.
On the motorways (or highways if you prefer), we have speed controls, repair works, custom controls (on what is transported), alcohol controls and controls for these who are driving ‘under influence’.
The Internet is sometimes called ‘the information highway’. However, nothing this kind exists or is even foreseen.
I’m sorry to write such a post as a ‘angry outburst’ that doesn’t bring you any good news or solution. Buts it’s part of my ‘mission’. The more you’ll be informed, the more you’ll be able to request the necessary changes… if the ‘competent authorities’ really care about it.
An informed Internet surfer is worth two. Let’s hope it.
Thank you for sharing this post and to communicate to our small community that slowly grows your comments and remarks on this technical aberration.
See you soon, more secure with your information