WikiLeaks attacks highlight risks in Internet security

By Ron Meyran Director of Security Products, Radware.
 
The British national security adviser, Sir Peter Ricketts, has advised all government departments to review their computer security in light of the recent WikiLeaks attacks.

 
WikiLeaks came under intense pressure in December 2010 to stop publishing secret United States diplomatic cables. A range of organisations, from banks, financial services and retailers through to government agencies, either stopped working with or froze donations to WikiLeaks, apparently bowing to political pressure.
 
In response, members of the Anonymous group (people behind Operation Payback made available a relatively simple-to-use tool to quickly direct a Distributed Denial-of-Service (DDoS) attack against any company that was perceived to be conspiring against WikiLeaks.  Most of the targeted sites experienced major service disruptions resulting in multi-hour business outages.
 
The Denial of Service (DoS) attacks used have highlighted the concerning fact that irrespective of organisation, or data being carried, in many cases online security measures are failing; putting the general public at risk.   
 
To effectively protect against these aggressive types of attacks, organisations to build defences using multiple network security technologies - including signature detection, hardware accelerated DoS Protection and Network Behavioural Analysis (NBA) with real-time signature creation. In addition, a human intelligence element is needed in the form of an emergency response service, or similar, to gather attack intelligence, investigate the attack tools and set the security profiles needed to defend against incoming attacks.  

The UK still remains at risk from other possible sources. Whilst the current student protests have until now tended to mainly be physical, it is highly possible that the skills and intelligence of many participating students will be used to mastermind sophisticated online and mobile security breaches to bring down the sites of the government and supporting organisations pushing for change. The resulting downtime will lend short-term "joy" as the impact on other government services and the effect on the education of those already studying starts to kick in.