上海性息_上海专业的夜网论坛

Powered By Vou!

Q&A: The future of cyber attacks

on 16/07/2019

SBS reporter Rhiannon Elston talks to computer systems expert Suelette Dreyfus from the University of Melbourne.

上海性息

Suelette, thanks for joining us. Can you explain to us exactly what’s happened here? Essentially what’s happened is that there’s an international non-profit organisation called Spamhaus in Europe. Their role is to track spam operators – people who send you junk mail in your email box and to provide protection to ISPs and people who provide your emails from that spam. And someone or some group of people have done a ‘denial of service’ [or DDoS] attack on Spamhaus.

What that means is that all of the internet pipes going to and from Spamhaus have been completely clogged up. The attacks on Spamhaus have actually caused something of a slowing of connectivity, particularly in Europe. It’s less likely to have an impact on individuals and consumers here in Australia. It might have a very small impact on large transfers of data between organisations.

The key thing that happened here wasn’t the fact that it happened at all, but the scale of how many were impacted by it. Why did it affect so many?

Well if you throw a large wad of gum into the pipes, if you think about the internet that way, you are likely to reduce the amount of material that can flow through the pipes. And that’s what’s sort of happened here. If you overflow them with a lot of information requests, then you will not have so much room for the legitimate information.

Is it concerning, the fact that this happened to a large computer organisation, presumably run by people with a high degree of computer literacy? Those of us who don’t know that much about computers might be wondering, shouldn’t they have been able to fend that off, and if they can’t – what does that mean for the rest of us?

Well, yes and no. It’s a little bit of a tricky question. You can do a number of things to improve the likelihood that you will not suffer attacks by hackers or other sorts of attacks. It’s a little harder to defend against a DDoS attack, because it’s sort of external to the organisation. So an average consumer can run a security software, that’s sometimes helpful. They can do sensible settings on their machines, not making access public, that sort of thing.

However, there’s always a trade-off. And it’s a bit like free speech, really. If you have free speech on the internet, there’s going to be a small bunch of people who are really noisy and saying really obnoxious things. There’s not much you can do except largely ignore them and wait for it to pass, and focus your time and energy somewhere else. But at the same time, you could have a system where you clamp everything down and it’s centrally controlled and there’s none of that annoying rabble and no DDoS attacks, but it comes at a cost of choices and freedom.

Does this sort of behaviour show that cyber attacks are becoming more sophisticated?

They are. With a DDoS attack what typically happens, and what probably happened in this case, although I don’t think the details have been worked out yet, is that an organisation, for example a spamming company, will go and somehow get access to a botnet. A botnet is a group of computers that have basically been infected by malware, by a rogue computer program or virus or whatever, and they’ll sit quietly on all those machines, and then one day they’ll activate. And they’ll say, ok, all 10,000 machines, let’s all try and connect to this one company. And when you do that, you flood the pipes that are going into the company and nobody else can get to that company – as an example. That’s a simplified version, but that’s kind of how it works.

So the nature of those attacks and the idea of getting more and more botnets – so more and more of these clusters of computers — they’re called actually zombies. That is actually getting more sophisticated. And you can now sort of buy on the black market a cluster of 1,000 or 2,000 or 10,000 of these machines, that are just people’s everyday machines but they might have this backdoor software in it that turns them into zombies and a botnet.

How far could these cyber attacks go? Is it possible, for example, for a really large-scale attack to take out the internet entirely?

I don’t think that’s the future of these cyber attacks, and the reason is because of the beauty of the internet’s design, and what really is quite a beautiful design, is that it is so decentralised. There are so many pieces of it all over the place that you can always do a workaround. So, if one connection between you and I is broken, there’s another path, or 100 other paths we could use to get to each other.


Comments are closed.