Jonathan Bowers, UKFast
Imagine it's Valentine's Day, for example. Wouldn't it be good - and very profitable - if you were the only company selling red roses? Technically you can be... This sort of activity is called a DDoS, or distributed denial-of-service, attack.
Jonathan Bowers is the Managing Director of UK web hosting company UKFast, and says although this sounds like something from a thriller, it's a lot more common than we think. He started by explaining what UKFast actually do...
Jonathan - As a web host, we build data centres that house the computers that power the internet. I suppose, in effect, we connect those computers with the world. So, from that platform, we're connecting businesses with their customers, we're connecting soldiers with their families, paramedics with their training. So, it's a very crucial and important job that the web host does to make sure that these organisations reach the rest of the world.
Chris - What is one of these denial-of-service attacks and what does it comprise?
Jonathan - Well, effectively, a denial-of-service attack is a huge amount of resource hitting one website. So, if you imagine that you have an advert during Coronation Street for instance and you have a million who decide, "I like the look of that. I'm going to go online and I'm going to try and buy it." Now, you might have a million people hitting that website at one moment. Now, there are very few websites that could cope with that amount of traffic and effectively what a DDOS attack is, is a simulated version of that where nefariously, somebody is attacking a website with so much information that they know the resource wouldn't be able to cope and it will knock that website over.
Chris - When this happens, how much does it cost the industry?
Jonathan - Well, I think probably it's very difficult to say overall how much it costs the industry because I'd imagine, there are lots of businesses who don't like to ever admit to having been impacted by a DDOS attack. But there are a number of stats on how much it costs the industry and it depends how big the business is and it depends exactly what they're doing online. So, if you've got a very busy e-commerce website - let's imagine a retail website that might be expecting 80,000 visitors across their busiest day, imagine if that website was down for the whole of that day because its infrastructure has been taken offline. That would mean it loses out on all that opportunity and all that money. So, you could be talking hundreds of thousands of pounds. For large businesses, the average breach could be worth somewhere between 450,000 and 850,000 pounds to that business.
Chris - Now, UKFast as a web hosting company hosts thousands of businesses' websites in your data centres. So, have you got evidence that this is actually happening? Can you see evidence that people are taking down their competitors in this way?
Jonathan - What we see tends to be circumstantial evidence. When somebody performs a DDOS attack, they're actually using IP addresses that are very difficult to trace back to any particular place.
Chris - These are like postcodes for where your computer is on the internet, isn't that?
Jonathan - Absolutely. So, every website has a numerical address as well and that's its IP address. What DDOS attacks do is flood with lots and lots of traffic that IP address, that postcode as it were. It's very difficult to trace that back because there's a black market on the internet where people can buy DDOS attacks. Effectively, what happens is, you tend to find that if somebody is attacking a website at a particular time, it's because they have motive. And you can also find that there are other ways that that person might have had a look at that website and effectively try to hack into that website through other vulnerabilities. So, businesses like ours are being asked to look more and more into whether there are what you'd call vulnerabilities in the website itself that are allowing these things to happen. In reverse engineering those vulnerabilities, you're often able to see that somebody has actually been in, had a look, disappeared again and in these cases, often, they're not as clever as the DDOS attack itself and it can trace it back. If you can pass that information onto law enforcement, often they're able to then look further into it and discover that actually the DDOS attack came from the same perpetrator.
Chris - And where in the world are these attacks originating?
Jonathan - Well, the attacks are originating in a number of key areas and the Asia Pacific area quite often. In fact, in Q1, the first quarter that is of this year 2014, over 40% of all DDOS attacks were originating from China. That number has dropped significantly in the second part of the year and in actual fact, the USA is the place with 20% of all originated DDOS attacks. However, it's a bit of a misnomer to believe that just because the DDOS attack originated there, it means the perpetrator who actually paid for it to happen originated there as well because they could be anywhere in the world and they could have bought that from that particular country.
Chris - So, looking at how it would work, if I wanted to push my business online and nobble my competition, traditionally, I would have a marketing budget and I'd spend some money printing some leaflets and posters and a radio or TV campaign or something. What I could do now is to spend some money paying someone nefariously overseas to basically cripple my competitor's websites with one of these DDOS attacks.
Jonathan - Yes, DDOS attacks direct at one particular website. So, you might end up spending quite a bit of money if you were to try and knock out everybody else that sells roses on Valentine's Day for instance. But I suppose, the big opportunity for people could be where they rank very highly in Google, but their main competitor ranks perhaps just above them or just below them on that search engine. In actual fact, if somebody is searching at that time then a DDOS attack is hitting the number one term in that search list, then people move to the number two term. If that's your competitor then they might get lucky.
Chris - What can we do to defend ourselves? What can companies like you do to protect the people whose websites you host?
Jonathan - Well, I suppose the first thing is intrusion detection and intrusion prevention. It's important to point out that every website are just like at home where you'd have an antivirus on your computer. Your website should be protected in your hosting by firewalls and by routers and switches that have the ability to spot traffic that is slightly out of the norm for instance across the network. If you can find that traffic that doesn't seem quite right, perhaps sending millions and millions of visitors at one time then often that means that it's out of character for the website and these intrusion detection prevention systems are able to step in and actually, reroute that or alert somebody to it so that they can actually stop this from happening.