Communications of the ACM
Hack Attacks, Explained
After the Syrian Electronic Army disrupted The New York Times website for nearly a day, Harvards Jonathan L. Zittrain discussed how institutions will have to react in order to protect themselves.
Credit: Stephanie Mitchell
In an interview, Harvard University professor Jonathan L. Zittrain says recent cyberattacks on media outlets such as The New York Times offer lessons on how institutions can guard against future incidents.
Distributed-denial-of-service (DDoS) attacks are common because of the ease with which unsecured computers can be hijacked online. Furthermore, marketplaces exist that sell access to PCs so that perpetrators do not even need to have hacking skills.
Although websites such as The New York Times are well-guarded against DDoS attacks, they are still vulnerable to domain name server (DNS) attacks that point site visitors to a different website. In the New York Times attack, Zittrain surmises that someone hacked the site's password with its domain name registrar, compromised the registrar's systems overall, or convinced the registrar to recover a password.
"Rerouting DNS also could entail rerouting all of the company's incoming email if it's attached to the same domain," Zittrain says. He notes that disruptions are happening more often, possibly because they are seen as having more impact as more people use the Internet. Ideally, security strategies should emerge "that don't entail every site huddling under the umbrella of a couple massive Web-hosting providers," Zittrain says.
From Harvard Gazette
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found