Mafiaboy, the Canadian teenager accused of launching a series of distributed denial of service attacks against a septet of the Internet's most popular sites last year, pleaded guilty last week to 56 of the 66 charges against him -- just before his trial was set to start in a Montreal court.
While the action brought to a close one chapter in the DDoS saga of 2000, a year in which seven leading sites were hacked, another more disturbing chapter remains open: the fact that many of the same sites are still virtually powerless to stop such attacks.
The early February 2000 strikes -- which hit Amazon.com, Buy.com, CNN.com, eBay.com, E-Trade.com, Yahoo.com and ZDNet -- employed an army of "zombie" computers across the Internet to flood the Web servers with thousands of simultaneous requests for service, forcing them to shut down for several hours.
Despite vendors' efforts in the wake of last year's incidents to prevent future attacks, security experts say there's still no solution available that can fully protect a site from DDoS, a fact not lost on the sites hit last year.
Weak link is human
"There's still a vulnerability to this on every site," said Alan Phillips, who was CIO of ZDNet at the time of last year's attack. "If someone is smart and dedicated, they can find a way in."
Web site administrators at the other attacked sites declined requests for interviews for this story. But experts point out that typically the weak link for sites is more human than technological.
While virtually all corporate networks employ some kind of firewall, few home users take such precautions, making them easy prey for hackers looking for machines from which to launch their attacks. At the other end of the line, experts say network administrators take too many chances and are inviting trouble by leaving open unnecessary ports on their networks, among other things.
"A powerful computer can send a lot of packets in a short amount of time and it becomes an arms race to counteract it," said Tom Noonan, CEO of Internet Security Systems. "It's careless not to protect your network from this stuff."
In fact, it would not take much work to repeat the damage of last year's attacks, said Bruce Schneier, CTO of Counterpane Internet Security. He said that the real problem is the number of hubristic administrators who rely on software and don't see the need for constant, proactive network monitoring.
"This is a problem, and it always will be," Schneier said. "These people have a false sense of security with all of this software they have, so they don't keep an eye on things the way they should. You get security through detection and response, not by building bigger and bigger walls."











