[Berlin, GERMANY] After the DDoS attacks on Yahoo!, eBay, and Amazon in
February 2000, the German Federal Minister of the Interior Otto Schily
founded a task force which in June published a catalog of defense measures
against such hacker attacks. However, a study by the Stiftung Warentest, a
German consumer watchdog group, has shown that these security
recommendations are not being given enough attention. 1,573 of the 103,770
German Internet addresses that were tested could be misused to flood other
In such an attack, the endangered computers readily relay the data sent
to them, or even multiply the amount of data. The addresses that did the
worst in the test were the Berlin shipping company Ulrich Rieck & Svhne,
the Neuruppin city works site, and Amazon.de. These addresses increase
the data packets from 30 to 50 times their original amount; for every
“ping” sent there were up to 50 “pongs”. Hackers can manipulate such
computers. The consequence: the flood of data produced because of faulty
security settings is sent to a single target address, which then
collapses under the strain.
A flood attack can have concrete consequences for each and every surfer.
If, for instance, an online stockbroker is lamed, customers may not be
able to buy or sell stock for several hours. On the New Market, some
securities can lose up to 50 percent of their value in this amount of
time. The collapse of an online bank or an e-mail provider can also have
grave consequences for surfers.
The result of the study: around 1.5 percent of all the Internet
computers that were tested sent more than one pong back and are
therefore a danger to other network users. At first glance this seems to
be a good result because it is such a small percentage. But in a
worldwide computer network, just a few weak points can endanger the
whole system. Even if nearly all the networked computers have perfect
security settings, it takes just a few computers with faulty settings to
make every computer in the network vulnerable to attack. A solution to
the problem will only be found through intense cooperation. Information
and service providers on the Internet must work together with the
companies that give them access to the Internet in the first place.