Mar 8 2010

Report: North Korea Develops Own Linux Distribution

North Korea has reportedly developed its own version of the Linux operating system with a graphical user interface that closely resembles Microsoft Windows.

A copy of the North Korean Linux distribution, called Red Star, was purchased in Pyongyang for US$5 by a Russian student named Mikhail, who then posted a brief review of it on his blog using the Russian embassy’s Internet connection, according to the English-language Web site of Russia Today, a Russian television news channel.

Mikhail, who described himself as one of two Russian students at North Korea’s Kim Il-Sung University, posted several screen shots of the operating system with his review, including a system clock whose date follows North Korea’s own calendar, which counts 2010 as year 99 of its Juche ideology.

Although the operating system is still considered stable, it was easy to set up, taking around 15 minutes to install, Mikhail wrote, adding that it came with a single language option: Korean.

The desktop interface shown in the screenshots closely resembles Windows, and appears to be based on a recent version of the K Desktop Environment (KDE). The Red Star browser, which Mikhail said was called My Country, is based on Mozilla’s Firefox browser, and allows users to access North Korea’s closed network, called My Country BBS.

Other features of Red Star include a word processor, an e-mail client, antivirus software, multimedia players for audio and video, as well as several games.

Source


Mar 8 2010

FBI Director: Hackers have corrupted valuable data

Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday.

The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China — the presumed source of the attack — as a result.

FBI Director Robert Mueller called these attacks a threat to the nation’s security on Thursday, speaking at the RSA Conference in San Francisco. “Just one breach is all they need in order to open the floodgates,” he said, speaking about the hackers behind these intrusions. “We have seen not only a loss of data, but also a corruption of that data.”

Mueller did not say exactly what he meant by corruption of data, but security experts worry that if attackers are able to alter source code, they might put back-doors or logic bombs in the software they gain access to.

“If hackers made subtle, undetected changes to your code, they could have a permanent window into everything you do,” Mueller said. “Some in industry have likened this to death by 1,000 cuts. We are bleeding data, intellectual property, information, source code, bit by bit, and in some cases terabyte by terabyte.”

Researchers investigating the Google attack — thought to have affected at least 100 companies including Intel, Adobe and Symantec — say that prime targets of the hackers were the source code management systems used by software developers to build code.

Companies often fail to put basic security controls on these systems, meaning that once an engineer or quality assurance tester’s workstation has been hacked, the company’s crown jewels are often accessible.

In some cases, hackers moved valuable intellectual property overseas using their victim’s wide area networks, and then moved the data from branch offices to outside servers via the Internet, researchers say.

“We are playing the cyber equivalent of cat-and-mouse, and unfortunately the mouse seems to be one step ahead most of the time,” Mueller said.

Source


Mar 4 2010

White House Cyber Czar: ‘There Is No Cyberwar’

Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.

“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco.

“I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.”

Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage.

His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it.

Schmidt’s official title is cyber-security coordinator at the White House, a job he took over just before Christmas. Schmidt has no budgetary authority, but he said that doesn’t make him powerless, because his office is in the White House. He’s been there before as an adviser to President George W. Bush, and he’s been the president and board member of countless security associations.

One of his first moves in his new job was to publish an unclassified summary of the country’s 12-point cybersecurity plan, known as the Comprehensive National Cybersecurity Initiative, a move toward transparency that he announced Monday as the keynote speaker at the world’s premier security conference.

That plan was first formulated under a veil of secrecy in January 2008 by President Bush. He was prompted in no small part by McConnell, who was director of national intelligence and reportedly convinced the president that a cyberattack could cause more economic damage to the United States than the 9/11 terrorist attacks.

Much of the authority and the funds under that initiative fell to the National Security Agency, the military’s premier spying agency that also has responsibility for locking down the government’s classified networks. Not surprisingly, McConnell, as DNI, held power over the NSA.

McConnell rejoined Booz Allen Hamilton, a defense contractor that made more than $4 billion in 2008, mostly from government contracts, including secret ones. A former NSA director, McConnell now serves as the vice president for national security business at Booz Allen Hamilton. The firm was recently acquired by the powerful and politically connected Carlyle Group, the world’s largest private equity firm, whose advisers and board members have included George Bush, George W. Bush, James Baker and former SEC chief Arthur Levitt.

In an op-ed in the Washington Post last weekend, McConnell called for a re-engineering of the internet and a return to a Cold War mentality of deterrence, based on the threat that the United States would massively retaliate against any perceived attack.

“More specifically, we need to re-engineer the internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable,” McConnell wrote.

Threat Level rebutted that notion Monday, in a post that called McConnell the greatest threat to the internet.

For his part, Schmidt said no re-engineering of the internet is in the plans under the Obama administration. And he re-emphasized the president’s promise — delivered in a May speech addressing cybersecurity — that the government would not monitor the internet at large.

“People have to recognize that when we close the door and go home, we are just normal netizens like anyone else,” Schmidt said. “I’ve been in the internet from the very beginning. We don’t want to see it changed to where it is no longer available and we don’t have the ability to do things anonymously as we choose to in certain realms.”

“But we also need to do our financial transactions securely and you need to be able to file your story online in a manner so that by the time you upload it, it doesn’t say ‘At noon, today San Francisco had a terrible earthquake’ when that didn’t happen,” Schmidt added.

But that commitment to keep the government’s monitoring equipment out of the commercial internet seems belied by a CNET interview at RSA with a Homeland Security cybersecurity official, who said that DHS was considering installing its classified “Einstein 3” security technology to non-government infrastructure.

Cyberwar advocates make their case for this in part by pointing to high-profile stories that hackers have penetrated the grid and, in some cases, caused massive blackouts including the 2003 cascading failure in the Northeast that affected some 50 million citizens. Those stories (on 60 Minutes, in the Wall Street Journal and the National Journal), relied nearly exclusively on anonymous defense intelligence officials or contractors, and are often easily debunked.

Schmidt said it’s possible that hackers have gotten into administrative computer systems of utility companies, but says those aren’t linked to the equipment controlling the grid, at least not in developed countries. He’s never heard that the grid itself has been hacked.

“As for getting into the power grid, I can’t see that that’s realistic,” Schmidt said.

There’s been much ink spilled in recent years over the turf battles in D.C. over whether the NSA (representing the military) or DHS (on the civilian side) takes the lead role in cybersecurity.

Rod Beckstrom, now the president of the International Corporation for Assigned Names and Numbers, resigned from his role heading cybersecurity for DHS last spring. He protested that the NSA was encroaching too far, and that the job of protecting non-military government websites should be handled by civilians — especially as the government pushes citizens to use those websites for more and more business.

But Schmidt said he hasn’t run into that problem and said government agencies are working together.

“I haven’t seen that tension,” Schmidt said.

As for which will take the cybersecurity lead, Schmidt simply says it’s a shared effort.

But that’s a very thorny issue — one that has dogged the government’s intrusion protection system Einstein and its successors, Einstein 2 and 3.

Why should U.S. citizens trust cybersecurity to the NSA? Under President Bush, it secretly turned its powerful spying apparatus inward in violation of U.S. law and its longstanding mantra to never spy on citizens.

Schmidt counters that the NSA has long had the job of protecting classified computers and has already become a participant in the wider security community. Among other things, it offers advice on how to secure computer systems, such as Linux and Windows. And more important, Schmidt said, the president maintains the NSA has to obey limits.

“When your boss, in our case the president, tells an agency not to do something and here are the controls put in place and here is the coordination put into place, that’s a pretty big commitment,” Schmidt said.

As for his priorities, Schmidt says education, information sharing and better defense systems rank high.

That includes efforts to train more security professionals and have the government share more information with the private sector — including the NSA’s defensive side.

“One thing we are looking at is how do make sure that the private sector has the information it needs from the government,” Schmidt said, referring to what he called “some of the unique visibility the government has from the attacks on our systems.”

The government must also be active in reducing its own vulnerabilities, according to Schmidt.

“We can’t sit there and be waiting for the next intrusion attempts to take place,” Schmidt said. “We need to become stronger in what we are doing so we are better able to resist the things that are being thrown at us.”

Schmidt, who has held cybersecurity positions inside the Air Force, the FBI and Microsoft, mentioned he’s part of a Facebook group of Wired magazine collectors. The oldest one he has, he said, had co-founder of the Electronic Frontier Foundation John Perry Barlow on the cover. Though the irascible Barlow never made the cover (other than a mock-up of the first edition), Schmidt could have been referring to Issue 2.04 which included a promo for an essay from Barlow.

Fittingly, that essay, about the failed effort to mandate government-accessible backdoors in encryption technology, was entitled “Jackboots on the Infobahn.”

Source


Feb 25 2010

FBI outlines three components of cyber-risk

To make better cybersecurity-related decisions a senior FBI official recommends considering a simple algebraic equation—risk = threat x vulnerability x consequence—rather than solely focusing on threat vectors and actors.

Each factor is important, Steven Chabinsky, deputy assistant director at the FBI’s Cyber Division, said today. Chabinsky spoke on a panel at the Armed Forces Communications and Electronics Association Homeland Security Conference in Washington.

Nation-states that commit espionage, terrorist organizations, individuals interested in using the Internet as an attack tool and criminal syndicates are the types of attackers most likely to target computer systems in both the public and private sectors, he said. Threat vectors on which the FBI is focused include remote access and intrusion, supply chain vulnerabilities, proximate or close access threats, and insider access threats, he said.

Chabinsky said the risk model is compelling because risk drops to zero if any of those three elements or variables is zero. He said the risk model is the first place he goes when he needs to step back strategically.

“Unfortunately, we haven’t gotten to the point where I feel we can maintain at zero any one of those elements, so we have to constantly figure out as an organization how we are driving down each of those,” he said.

He added, “If you look through the risk model you’ll find that you have opportunities on the threat vulnerability and consequence management side, and you have to find your partners so that you could work together.”

Source


Feb 24 2010

Leading on Cybersecurity: The Administration Speaks

The Obama administration gets a chance to demonstrate its cybersecurity leadership as three top guns from the executive branch – Homeland Security Secretary Janet Napolitano, White House Cybersecurity Coordinator Howard Schmidt and FBI Director Robert Mueller – address the RSA conference in San Francisco next week. It’s sorely needed.

What Napolitano and Schmidt – late additions to the roster of keynote speakers at the IT security conference – as well as Mueller say could signal the direction the White House will take to lead the nation in securing federal digital assets and America’s critical IT infrastructure. Though the White House is working hard to fine-tune its cybersecurity agenda, it’s been doing so in relative silence.

What these leaders need to demonstrate in their speeches are precise actions the administration will take in the coming weeks and months to protect America’s key IT systems. Visible leadership is required at a time when most news about protecting government and key private IT systems is terrible:

* Former Director of National Intelligence Michael McConnell, at a Senate hearing Tuesday, said the United States would lose a cyber war if one were held now.
* Bipartisan Policy Center held a simulated cyber attack that disrupted smart phone service to 20 million customers, shut down an electronic energy trading platform and crippled the power grid along the Eastern seaboard.
* The month-old discussions about attacks from China on Google and other companies have not abated.
* Security firm Symantec issued a survey of IT managers that identified cyber attacks as the most significant risk they face: 42 percent, vs. 17 percent for traditional criminal activity and brand-related events, 14 percent for natural disasters and 10 percent for terrorism.

Meanwhile, the odds of significant cybersecurity legislation reaching President Obama’s desk this year are seen as, at best, 50-50. Word circulating around the Capitol is that cybersecurity legislation has stalled in the Senate partly because the White House has remained mute – at least in public – on these measures.

In Schmidt, the administration has one of the most respected cybersecurity experts whose excellent communications skills should be exploited to help drive its IT security agenda. It would be interesting to hear from him at RSA what the administration would like to see in legislation emanating from Congress.

As for Napolitano, she often spoke of cybersecurity challenges in the past year, but a press release from her office suggests her remarks will not be specific but will address the “broad mission to protect the nation’s cyber infrastructure, systems and networks, and the responsibility of all Americans in maintaining cybersecurity and resiliency.”

Let’s hope Napolitano, Schmidt and Mueller provide in their RSA speeches specific administration actions that will demonstrate a government leading on this all important matter.

Source


Feb 24 2010

US likely to lose a cyber war

In a US Senate Committee on Commerce, Science and Transportation hearing, security experts have expressed extreme concern about US defences against cyber-attacks. Former vice-admiral and head of National Intelligence Michael McConnell even went as far as claiming that the US would be on the losing side should a hostile power launch a cyber war against it. This is not, according to McConnell, because US security staff are less talented or because its technology is inferior, but rather the US is vulnerable because it is the best networked country – for which reason it also has the most to lose.

It is precisely this state of affairs which the recently passed Cybersecurity Enhancement Act of 2009 is intended to resolve. It aims to ensure, by means of training, research and better coordination, that the government and government agencies are better protected against attacks originating from cyberspace. The Act still has to pass through the US Senate.

James Lewis of the Center for Strategic and International Studies (CSIS) also emphasised US vulnerability to attacks. According to Lewis, it is known that countries such as China and Russia are already carrying out espionage to determine how they can disable the US electricity grid. He believes that they and other countries are now in a position to be able to knock out the electricity grid in the event, for example, of a conflict over Taiwan or Georgia. However, he thinks it unlikely that China or Russia would go down this route, as it would be too great a risk politically, comparable to bombing a power plant, and would trigger a vigorous US reaction. In addition, he notes, even hostile states would suffer should, for example, Wall Street be knocked out.

However, Lewis plays down concerns about terrorist attacks, saying that if terrorists were really in a position to carry out cyber-attacks, they would already have done so. The belief that they are in a position to do so, but have so far held back for whatever reason, is “ridiculous”. Terrorists are, in his opinion, crazy people. Lewis warns that this situation could change if hostile powers were to provide terrorists with the requisite knowledge and skills. Lewis feels that at present, neither China nor Russia would cooperate with extremists.

Nonetheless, the US and the US economy are already being bled by constant small-scale cyber-attacks. According to Lewis, theft of important information and attacks by cyber-criminals are already doing immense damage to both business and government. If no action is taken, the patient will, Lewis told the hearing, eventually bleed to death – therefore he considers passage of the Act to be an urgent necessity.

Source


Feb 23 2010

Intel the victim of “sophisticated” cyberattack

Intel this week said it was the victim of a sophisticated cyberattack that occurred in January around the same time cybercriminals compromised systems at Google, Adobe and more than 30 other large companies.

In its annual 10-K report, a summary of a public company’s performance required by the U.S. Securities and Exchange Commission, Intel said hackers regularly attempt to infiltrate its information technology systems — and are sometimes successful.

“One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google,” Intel wrote in the filing, which was submitted Monday.

Intel did not provide any specifics about the attack, but said hacking attempts may be the result of espionage or others seeking to harm the company.

“It routinely happens,” Intel spokesman Chuck Mulloy told SCMagazineUS.com on Tuesday. “It is not unusual for us to see these sorts of attacks. As a matter of policy, we don’t talk about specifics.”

Mulloy said he could not confirm or deny if the attack that Intel suffered in January was part of the same wave of attacks that hit Google, Adobe and others.

“We mentioned Google because it was very prominent in the news at the time we saw that particular attack,” Mulloy said. “Based on what we know right now, there was no IP [intellectual property] loss.”

In the filing, Intel said it works to detect and investigate cyberattacks to prevent them from recurring, but sometimes the company is not aware of incidents that have occurred, or their effects.

Hacking incidents could lead to the unauthorized use or publication of trade secrets or other confidential business information, Intel said. In addition, cyberattacks also could negatively impact the value of a company’s investments in research and development, along with relationships with third parties and customers.

“Our business could be subjected to significant disruption, and we could suffer monetary and other losses, including the cost of product recalls and returns and reputational harm, in the event of such incidents and claims,” Intel said.

Cyberattacks cost enterprises an average of $2 million per year due to a loss of productivity, revenue and customer trust associated with such events, according to a study released Monday by Symantec.

In January, Google disclosed that its systems were compromised by organized and well-resourced cybercriminals, believed to be operating out of China and who stole intellectual property. The attacks were dubbed “Operation Aurora.”

Other companies reportedly targeted in Operation Aurora included Yahoo, Symantec, Juniper Networks, Northrop Grumman and Dow Chemical, according to the Washington Post, which cited unnamed congressional and industry sources.

Source


Feb 23 2010

U.S. Pinpoints Coder Behind Google Attack

BEIJING (Reuters) – U.S. government analysts believe a Chinese man with government links wrote the key part of a spyware program used in hacker attacks on Google last year, the Financial Times reported on Monday.

The man, a security consultant in his 30s, posted sections of the program to a hacking forum where he described it as something he was “working on,” the paper said, quoting an unidentified researcher working for the U.S. government.

The spyware creator works as a freelancer and did not launch the attack, but Chinese officials had “special access” to his programming, the report said.

“If he wants to do the research he’s good at, he has to toe the line now and again,” the paper quoted the unnamed U.S. government researcher saying.

“He would rather not have uniformed guys looking over his shoulder, but there is no way anyone of his skill level can get away from that kind of thing. The state has privileged access to these researchers’ work.”

The report did not say how analysts knew about the man’s government ties.

The allegations over the spyware are the latest episode in a dispute that has pitted Google and the United States against China, with its wall of Internet controls and legions of hackers.

In January, the giant internet search engine company, Google, threatened to pull back from China and shut its Google.cn Chinese-language portal over complaints of censorship and sophisticated hacking from within China.

Washington has backed those criticisms and urged Beijing to investigate hacking complaints thoroughly and transparently. Beijing has said it opposes hacking.

The Financial Times report also quoted unnamed sources backing a New York Times report that analysts had traced the online attacks to two Chinese educational institutions, the prestigious Shanghai Jiaotong University and the Lanxiang vocational school.

The two establishments have denied the reports. And the allegation that the latter, a high-school level institute that also trains hairdressers, chefs and car mechanics, could take on one of the world’s most powerful Internet firms has been widely mocked in Chinese cyberspace.

“How can these future cooks be such powerful hackers?” a web user from Zhejiang province said on the portal www.163.com.

The use of the school’s IP address could simply mean that hackers had taken over its computers to hide their tracks.

But Lanxiang’s website also claims to have the “biggest” computer laboratory in the world, a boast it says is confirmed by Guinness World Records.

There was less online comment about the well-respected Jiaotong University, which attracts top graduates and has a School of Information Security Engineering.

(Reporting by Emma Graham-Harrison; Editing by Alex Richardson)

Source


Feb 19 2010

Broad New Hacking Attack Detected

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

The damage from the latest cyberattack is still being assessed, and affected companies are still being notified. But data compiled by NetWitness, the closely held firm that discovered the breaches, showed that hackers gained access to a wide array of data at 2,411 companies, from credit-card transactions to intellectual property.

The hacking operation, the latest of several major hacks that have raised alarms for companies and government officials, is still running and it isn’t clear to what extent it has been contained, NetWitness said. Also unclear is the full amount of data stolen and how it was used. Two companies that were infiltrated, pharmaceutical giant Merck & Co. and Cardinal Health Inc., said they had isolated and contained the problem.

How the Attack Spread

Starting in late 2008, hackers operating a command center in Germany got into corporate networks by enticing employees to click on contaminated Web sites, email attachments or ads purporting to clean up viruses, NetWitness found.

In more than 100 cases, the hackers gained access to corporate servers that store large quantities of business data, such as company files, databases and email.

They also broke into computers at 10 U.S. government agencies. In one case, they obtained the user name and password of a soldier’s military email account, NetWitness found. A Pentagon spokesman said the military didn’t comment on specific threats or intrusions.

At one company, the hackers gained access to a corporate server used for processing online credit-card payments. At others, stolen passwords provided access to computers used to store and swap proprietary corporate documents, presentations, contracts and even upcoming versions of software products, NetWitness said.

Data stolen from another U.S. company pointed to an employee’s apparent involvement in criminal activities; authorities have been called in to investigate, NetWitness said. Criminal groups have used such information to extort sensitive information from employees in the past.

The spyware used in this attack allows hackers to control computers remotely, said Amit Yoran, chief executive of NetWitness. NetWitness engineer Alex Cox said he uncovered the scheme Jan. 26 while installing technology for a large corporation to hunt for cyberattacks.

That discovery points to the growing number of attacks in recent years that have drafted computers into cyber armies known as botnets—intrusions not blocked by standard antivirus software. Researchers estimate millions of computers are conscripted into these armies.

“It highlights the weaknesses in cyber security right now,” said Adam Meyers, a senior engineer at government contractor SRA International Inc. who reviewed the NetWitness data. “If you’re a Fortune 500 company or a government agency or a home DSL user, you could be successfully victimized.”

Disclosure of the attack comes on the heels of Google Inc.’s allegation that it and more than 20 other companies were breached by Chinese hackers. This operation appears to be more far-reaching, infiltrating some 75,000 computers and touching 196 countries. The highest concentrations of infected computers are in Egypt, Mexico, Saudi Arabia, Turkey and the U.S.

NetWitness, based in Herndon, Va., said it was sharing information with the companies infected. Mr. Yoran declined to name them. The company provides computer security for U.S. government agencies and companies. Mr. Yoran is a former Air Force officer who also served as cyber security chief at the Department of Homeland Security.

Besides Merck and Cardinal Health, people familiar with the attack named several other companies infiltrated, including Paramount Pictures and software company Juniper Networks Inc.

Merck said in a statement that one computer had been infected. It said it had isolated the attack and that “no sensitive information was compromised.”

Cardinal said it removed the infected computer from its network. Paramount declined to comment. Juniper’s security chief, Barry Greene, wouldn’t speak about any specific incidents but said the company worked aggressively to counter infections.

NetWitness, which does extensive work for the U.S. government and private-sector clients, said it was sharing its information with the Federal Bureau of Investigation. The FBI said it received numerous allegations about potential compromises of network systems and responded promptly, in coordination with law-enforcement partners.

The computers were infected with spyware called ZeuS, which is available free on the Internet in its basic form. It works with the Firefox browser, according to computer-security firm SecureWorks. This version included a $2,000 feature that works with Firefox, according to SecureWorks.

Evidence suggests an Eastern European criminal group is behind the operation, likely using some computers in China because it’s easier to operate there without being caught, said NetWitness’s Mr. Yoran.

There are some electronic fingerprints suggesting the same group was behind a recent effort to dupe government officials and others into downloading spyware via emails purporting to be from the National Security Agency and the U.S. military, NetWitness’s Mr. Yoran said.

That attack was described in a Feb. 5 report from the Department of Homeland Security, which said it was issuing an alert to the government and other organizations to “prevent further compromises.”

A DHS official said that ZeuS was among the top five reported tools for malware infections.

Source


Feb 1 2010

Botnet targets major Web sites with junk SSL connection

More than 300 Web sites are being pestered by infected computers that are part of the Pushdo botnet, according to security researchers.

The U.S. Federal Bureau of Investigation, Twitter, and PayPal are among the sites being hit, although it doesn’t appear the attacks are designed to knock the sites offline, said Steven Adair, of The Shadowserver Foundation, a group that tracks botnets.

Shadowserver was tipped off to the Pushdo issue by Joe Stewart, director of malware analysis at vendor SecureWorks.

Pushdo, which is also known as Pandex or Cutwail, has been around for about three years, according to a report from Trend Micro. Computers infected with Pushdo are used to send out spam, but the malware is capable of downloading other harmful code to a computer.

Pushdo appears to have been recently updated to make computers infected with it open SSL (Secure Sockets Layer) connections to various Web sites. SSL is an encryption protocol used to protect information as it is exchanged.

The bots start to create an SSL connection and then disconnect, a process that is repeated, Adair said. Serving up SSL connections puts more of a burden on a Web site than HTTP connections, Adair said, but the traffic has been so sporadic that some large Web sites didn’t even notice.

“Despite how noisy it is, the traffic is still too infrequent and not large enough to really be seen as what we would think is an intentional DDOS attack,” Adair said in an e-mail exchange. “Much smaller botnets are capable of generating far more traffic and causing more of an impact to Web sites than what is being done with Pushdo.”

The traffic, however, is significant and results in large Web sites getting millions of hits across hundreds of thousands of IP (Internet Protocol) addresses. “This might be a big deal if you’re used to only getting a few hundred or thousands of hits a day or you don’t have unlimited bandwidth,” Adair wrote on Shadowserver’s blog.

One option for Web sites is to change their IP addresses, but that may only be a temporary fix. “We have also had numerous people write in offering assistance and feedback on ways to slow or stop these attacks,” Adair said. “We hope to put out an updated post that can help our system administrators associated with these Web sites soon.”
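As an added illustration (not code from the article or from Shadowserver), the Python below models a defender’s view of the pattern Adair describes: many sources each open a few SSL connections and drop them, so any single IP stays under a per-IP threshold while the fleet-wide abort rate and the number of abort-only sources give the activity away. The log format and all traffic in it are constructed for the example.

```python
"""
Added example, not part of the article or of Shadowserver's tooling: spotting a
Pushdo-style pattern, where a large, distributed set of sources opens SSL
connections and drops them before sending a request, each source too quiet for
ordinary per-IP rate limits to notice.

Assumed (constructed) log format, one line per TCP connection to port 443:
    unix_ts,client_ip,handshake_ok,app_bytes
handshake_ok is 1 if the TLS handshake completed; app_bytes is application
data received afterwards. Real load-balancer logs carry equivalent fields.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set


class Conn(NamedTuple):
    ts: int
    ip: str
    handshake_ok: bool
    app_bytes: int


def parse_log(text: str) -> List[Conn]:
    """Parse the constructed CSV format, skipping blank or malformed lines."""
    conns = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        try:
            conns.append(Conn(int(parts[0]), parts[1], parts[2] == "1", int(parts[3])))
        except ValueError:
            continue
    return conns


def is_aborted(c: Conn) -> bool:
    """A connection that never completed its handshake, or sent no data, is 'aborted'."""
    return not c.handshake_ok or c.app_bytes == 0


def per_source(conns: List[Conn]) -> Dict[str, List[int]]:
    """Map client IP -> [aborted_count, total_count]."""
    stats: Dict[str, List[int]] = defaultdict(lambda: [0, 0])
    for c in conns:
        stats[c.ip][1] += 1
        if is_aborted(c):
            stats[c.ip][0] += 1
    return stats


def flag_per_ip(stats: Dict[str, List[int]], min_aborted: int = 5,
                min_ratio: float = 0.8) -> Set[str]:
    """Classic per-IP rule: flag sources with many, mostly aborted, connections."""
    return {ip for ip, (ab, tot) in stats.items()
            if ab >= min_aborted and ab / tot >= min_ratio}


def assess(conns: List[Conn], baseline_abort_ratio: float = 0.05,
           min_abort_only_sources: int = 100) -> dict:
    """Fleet-wide view: is the site seeing distributed handshake abuse?"""
    stats = per_source(conns)
    total = len(conns)
    aborted = sum(ab for ab, _ in stats.values())
    abort_only = sum(1 for ab, tot in stats.values() if ab == tot)
    ratio = aborted / total if total else 0.0
    return {
        "total": total,
        "aborted": aborted,
        "abort_ratio": ratio,
        "abort_only_sources": abort_only,
        "per_ip_flagged": len(flag_per_ip(stats)),
        # Both signals must fire: abort rate well above baseline AND many
        # sources that never completed a single handshake.
        "distributed_abuse": ratio > 4 * baseline_abort_ratio
                             and abort_only >= min_abort_only_sources,
    }


def make_sample_log() -> str:
    """Constructed traffic, not real data: 21 legitimate clients and 400 bot sources."""
    lines, ts = [], 1265000000
    for i in range(20):                      # normal clients: 10 good connections each
        for _ in range(10):
            ts += 1
            lines.append(f"{ts},203.0.113.{i + 1},1,{512 + i}")
    for k in range(10):                      # one flaky client: 2 of 10 handshakes fail
        ts += 1
        lines.append(f"{ts},203.0.113.99,{0 if k < 2 else 1},{0 if k < 2 else 700}")
    for i in range(400):                     # bots: 1 or 2 aborted handshakes each
        ip = f"198.51.100.{i}" if i < 256 else f"192.0.2.{i - 256}"
        for _ in range(1 + i % 2):
            ts += 1
            lines.append(f"{ts},{ip},0,0")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for key, value in assess(parse_log(make_sample_log())).items():
        print(f"{key}: {value}")
```

On the sample, the per-IP rule flags nothing (no source exceeds two aborts), while the aggregate view reports an abort ratio near 0.74 across 400 abort-only sources.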

Source