akamai confidential©2011 akamai. in the cloud security highlighting the need for defense-in-depth...

Akamai Confidential ©2011 Akamai

Upload: sharleen-roberts

Post on 18-Dec-2015


Page 1: Akamai Confidential©2011 Akamai. In the Cloud Security Highlighting the Need for Defense-in-Depth R. H. Powell IV Director, Government Solutions CISSP

Page 2:

In the Cloud Security

Highlighting the Need for Defense-in-Depth

R. H. Powell IV

Director, Government Solutions

CISSP

W: 703.621.4029

M: 703.867.5899

Page 3:

Headlines You May Have Seen

Online attack hits US government Web sites (7 Jul 09)

Twitter DDoS Attack Politically Motivated, Says Report (7 Aug 09)

With botnets everywhere, DDoS attacks get cheaper (15 Oct 09)

Hacker grinches launch DDoS attack against Amazon (29 Dec 09)

Carriers and ISPs fear rise in DDoS attacks in 2010 (20 Jan 10)

Chinese Human Rights Sites Hit by DDoS Attack (25 Jan 10)

Chinese ISP Momentarily hijacks the Internet (again) (8 Apr 10)

The Internet Goes to War (14 Dec 10)

Anonymous Launches DDoS Attacks on Sony (06 Apr 11)

Biggest Series of Cyber-Attacks in History Uncovered (03 Aug 11)

Hackers Target Mexico Government Websites (15 Sep 11)

Anonymous Threatens to ‘Erase NYSE from the Internet’ (3 Oct 11)

LulzSec Hacker Group Claims Attack on US Senate Website (5 Oct 11)

Canadian ISP Website – SQL Injection Vulnerability (5 Oct 11)

Page 4:

Headlines You DID NOT See

President Delays Trip Due to Cyber Attacks

Independence Day Attacks Paralyze the U.S.

Financial & Government Websites Attacked and Taken Down: Stocks Show Concerns

Page 5:

The Threat is Real

DDoS is the #1 Preferred Method of Attack (TrustWave 2011)

74% of surveyed companies experienced one or more DDoS attacks in the past year, 31% of these attacks resulting in service disruption – Forrester Research

LulzSec, Anonymous declare war on government websites

Hacker groups call for stealing, leaking classified information

By Kevin McCaney, Jun 20, 2011

Page 6:

Akamai Attack Trends in 2011

Total DDoS attack volume against Akamai customers is growing 100% from 2010 to 2011

Average attack sizes are in the 3-10 Gbps range

Attacks are originating from all geographies and are moving between geographies during the attack

[Chart: Akamai DDoS Attack Trend Data, 2009-2011; 2011 volume is projected based on actuals through September]

The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined – Tom Leighton, Chief Scientist, Akamai Technologies

Page 7:

Why?

- Extortion / Theft
- Political Hacktivism
- State Sponsored
- Traditional Hackers: Glory Hounds

Page 8:

Why?

- Extortion / Theft
- Political Hacktivism
- State Sponsored
- Traditional Hackers: Glory Hounds

Page 9:

July 4th DDoS Attack Timeline

Distributed, Agile and Multi-Phased Attack

“The first list had only five targets — all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea. …” - Joe Stewart, director of malware research at SecureWorks

“While Treasury Department and Federal Trade Commission Web sites were shut down by the software attack, which lasted for days over the holiday weekend, others such as the Pentagon and the White House were able to fend it off with little disruption” - New York Times

Akamai Provides Customers the Ability to “Fight Through” the Attack!

All Targeted Applications on the Akamai Platform Remained Available. All Targeted Applications not on the Akamai Platform were Rendered Unavailable.

Protected Akamai Customers from Effects

Absorbed: 1M+ Hps; 200+ Gbps; 300k+ Attack IPs

Denied the Attacker - Effects on Targets

Maintained Customer Brand Integrity

Provided Near Real-Time SA & Alerting

Provided Analysis to US Cyber Officials

Page 10:

Oct 5, 2011: Vulnerability Scanning Shut Down

- Scanning triggers alerts
- Offending requests are identified and denied <4 hrs

Page 11:

Why?

- Extortion / Theft
- Political Hacktivism
- State Sponsored
- Traditional Hackers: Glory Hounds

Page 12:

Holiday Season 2010 – DDoS Attacks

Attacked eCommerce Web Sites Protected by Akamai

PROTECTED

| Customer | Times Above Normal Traffic | Peak Attack Time (GMT) |
| --- | --- | --- |
| Customer #1 | 9,095x | 11/30 2PM |
| Customer #2 | 5,803x | 12/1 2PM |
| Customer #3 | 3,115x | 11/30 2PM |
| Customer #4 | 2,874x | 12/1 1PM |
| Customer #5 | 1,807x | 12/1 1PM |

Highly distributed international DDoS attacks from Asia-Pac, South America and Middle East

[Charts: Customer 1, Customer 2, Customer 3]

Averted $15M in Lost Revenue

Page 13:

Why?

- Extortion / Theft
- Political Hacktivism
- State Sponsored
- Traditional Hackers: Glory Hounds

Page 14:

Customer Telemetry – Q2 2011 During LOIC Attacks

Average response time during attack: 0.87 seconds.

Availability during the LOIC attack: 100%

Page 15:

Why?

- Extortion / Theft
- Political Hacktivism
- State Sponsored
- Traditional Hackers: Glory Hounds

Page 16:

Bitcoin

Page 17:

Let’s hold somebody ransom (the actual ransom note)

Your site www.#####.de will be subjected to DDoS attacks 100 Gbit/s.

Pay 100 btc(bitcoin) on the account

1ACFJHoB8Z3KDwDn6XdNTEJb6S7VsQiLZG

Do not reply to this email

Page 18:

BitCoin – The attack

Page 19:

Akamai’s response

Page 20:

FBI Attack Warning

The Tip ->

The Response ->

The Result ->