Massive data attack cripples online firm

The distributed denial of service attack (DDOS) was instigated by criminals who demanded $10,000 to stop the attack.

Protx responded to the DDOS, which began on October 31, by immediately updating its systems. But the improvement was short-lived and services were brought to a crawl again by another wave of attacks. Protx refused to pay up, and the attack continued for another week.

In an initial statement Protx claimed, "The DDOS solution implemented by Protx uses developmental and bleeding edge technology. Any future attacks will be dealt with in a matter of minutes instead of hours. We're continuing to work closely with the National High Tech Crime Unit (NHTCU) to bring the perpetrators to task."

Some observers said the case underlines the need for companies to test their capacity to withstand such attacks. "It highlights how open some companies are to this," said David Hill, a VP at communications company Spirent. "Organizations do not test the capability of their infrastructure. They do not ask themselves how their networks would respond to such an event."

But Hill said the approach needs to be more proactive, and that there is unwillingness amongst some companies to protect themselves, "There's a lack of understanding that tools exist. Some seem to not understand why they should spend money to secure their systems," he said.

The vast volume of data sent in the attack is believed to have been generated by a network of compromised computers. These are used to send data simultaneously to a single site, until it can no longer cope and shuts down.

Speaking after the SC Conference Richard Starnes, director of security response at Cable and Wireless, explained that there were plenty of bot networks around. "Its not difficult to set up a system," he said. "There are so many people who don't protect their computers at home."