Protection racket hits web retailers
April 28, 2011 09:41 AM
Faster Internet access has helped e-commerce flourish in the past decade. But now it’s giving criminal operators of botnets greater firepower to bring down e-retail sites. And those criminals are demanding that big online retailers pay them off to halt their attacks, according to executives at content delivery network provider Akamai Technologies.
“It’s like in the old days when people would show up at your physical store and say, ‘This is a nice store you’ve got here. It would be too bad if something happened to it next week.’ It’s the same thing with web sites,” says Michael Smith, security evangelist at Akamai.
He says criminals try to overwhelm e-retail and other sites with traffic at peak times, when the attacks can cause the most damage. Late last year, Akamai reported a spike in attacks against e-retail sites on the busy Thanksgiving weekend.
Akamai alluded to those attacks in its recently released “State of the Internet” report for the fourth quarter of 2010, noting several incidents in which Akamai retailer clients were hit with distributed denial of service attacks in the last three months of 2010. In those attacks, criminals use botnets they’ve pieced together by infecting thousands of computers of unsuspecting consumers to barrage a web site with requests, overwhelming the site’s ability to respond to legitimate requests and thus making it inaccessible to shoppers.
In the case of one Akamai retailer client, request traffic reached 14 gigabits per second, 9,000 times the normal rate, the report says.
Akamai did not identify the retailers attacked, other than to say they are in the top 250 of those listed in the Internet Retailer Top 500 Guide. And Smith says Akamai does not know how the retailers may have responded to any requests for payment. He adds, however, “Paying protection is a bad way to go, and in some jurisdictions it would be illegal.”
The attacks usually last two to three days, Smith says. By then, the attackers either have achieved their goals or are convinced they won’t. In either case, he says, it makes sense for them to use their resource—their botnet—to go after other potential victims.
Based on certain characteristics that Akamai observed, the attackers seemed to use a single botnet. Those characteristics include similar start and end times for the attacks and most of the traffic coming from certain countries, notably Thailand, Brazil and Russia. Smith says it’s not clear whether a single criminal organization is conducting the attacks or whether the entity that controls the botnet is renting it out to several crime rings.
But the threat is increasing, he says, because growing broadband adoption means the consumer computers the botnet controls can fire off requests more quickly. The Akamai report notes that adoption of high broadband connectivity—over 5 megabits per second—increased 2.6% worldwide in the fourth quarter over the previous year. “As broadband penetration increases and people get faster broadband connections to their home, the volume of traffic a botnet can bring will rise in proportion to that,” Smith says.
Smith says distributed denial of service, or DDoS, attacks against retail sites first started showing up in significant numbers in the second half of last year. While e-retailers are most likely to be hit by hackers seeking payoffs, he says there have also been attacks by political activists seeking publicity for their cause. Prime examples are the attacks late last year related to WikiLeaks, the web site that released large quantities of confidential U.S. government cables.
Retailers that are attacked should try to cut off botnet traffic before it reaches—and clogs—their data centers, working with Internet service providers and technology providers, including Akamai, that can recognize and block illegitimate traffic. In some cases, retailers may want to temporarily block any traffic from countries known to be the source of botnet activity, he says.
Besides disclosing the denial of service attacks against retailers, the Akamai report also provided extensive data on other aspects of web security and on connectivity speeds.
In terms of overall Internet attack traffic, Russia took over the top spot in the fourth quarter, with 10% of observed attack activity, replacing the United States, which had been the leading source in the third quarter. The U.S. dropped to fifth, accounting for 7.3% of attack traffic in the fourth quarter compared with 12% in Q3. Russia had been second in Q3, with 8.9% of global attack activity. Data in the report are compiled from Akamai’s network of 84,000 servers in 72 countries that accelerate the delivery of web site content.
Akamai’s report also included the following:
- 61% of Internet users worldwide access the Internet through broadband connections of at least 2 megabits per second. The Isle of Man and Monaco lead the way, with 96% of their Internet users on broadband; the U.S. is 14th at 75%.
- 23% of Internet users globally use high broadband connections exceeding 5 megabits per second. Japan leads the way at 58%, while the U.S. ranks eleventh at 36%.
- Within the U.S., Delaware has the highest average connection speed at 7.2 megabits per second. Riverside, CA, leads U.S. cities with an average speed of 7.58 megabits per second.
- Delaware leads the way with 97% of its residents on broadband; Iowa is the only state with less than half of Internet users (45%) accessing the web via broadband connections.