Akamai Technologies confirmed Wednesday that its distributed network and servers — which help serve major Web sites including those of Yahoo, Google, Microsoft and others — came under attack Tuesday, calling the denial of service (DoS) “a sophisticated, large-scale attack.”
Akamai — which also said the attack was targeted at specific customer sites — downplayed the impact of the DoS, which took place between about 8:30 a.m. and 10:45 a.m. EDT on Tuesday. The company called reports of site outages from measurement company Keynote inaccurate and claimed that less than 1 percent of its customers had a significant impact affecting more than 20 percent of their users.
“Akamai regrets any inconvenience that the affected customers may have experienced, and continues to take steps to protect customers and itself against the effects of future attacks,” the Cambridge, Massachusetts company said in a statement.
Domain Name Denial
Akamai said the attack was aimed at its domain name services and resulted in delays in DNS name resolutions and some timed-out DNS requests. While the attack might have slowed DNS responses for users, Akamai stressed that its services were not interrupted.
Gartner research vice president Richard Stiennon told TechNewsWorld that the attack displayed the very reason companies with major sites turn to Akamai to handle or help with site traffic.
“Part of the reason for being for Akamai is to defend their customers from denial-of-service attacks,” Stiennon said. “They’ve got the infrastructure to support all of these sites, so it’s pretty amazing when their customers can actually see outages.”
Although Keynote reported that Internet performance and access to several large sites, including Microsoft’s and Yahoo’s, was compromised by the attack, Akamai stressed that only 2 percent of its 1,100 customers experienced a noticeable impact.
“Third-party Web site measurement services can significantly overstate the impact of attacks such as this one, because these services use private name servers to check Web site availability,” said an Akamai statement. “These private name servers do not serve traffic to actual end users. If one of these private name servers is unable to reach a site or get a DNS resolution immediately, it may record that the site is unavailable.”
Akamai said that during Tuesday’s attack, public name servers used by most end users worldwide were able to get DNS resolutions from Akamai, allowing most of those users to access the Web sites they wanted.
Destined For Disclosure
Stiennon said that regardless of the reports from Keynote or Akamai’s confirmation of the attack, the public would have learned of the DoS effort thanks to other, free Internet measurement services such as Netcraft.
“It would’ve come up,” Stiennon said. “You would have seen Microsoft or Yahoo going down. It would’ve come out.”
Akamai, which reported it is working with U.S. federal law enforcement agencies to investigate the incident, said its automated monitoring systems detected the attack, allowing the company to make adjustments and work with partners globally to stop it.
Escalation of Extortion?
Stiennon, who told TechNewsWorld that the increased worm activity in recent months can be attributed largely to extortion schemes against sites that need to stay online — such as gambling sites — said the Akamai attack might be part of a similar effort.
“The question is was this an extortion attempt by some guys to extort money from e-commerce Web sites,” Stiennon said. “Now it’s the next level. The gaming sites are getting past it somehow. [Attackers] are now going after companies that provide payment processing for these sites. It’s a matter of time before major financial services companies come under attack.”
Stiennon said that the extortion attempts were a particular concern because of their success.
“The disturbing thing is, I hear companies say that they would pay protection money to stay up,” Stiennon said. “My advice is, they should be thinking about it. If you rely on your Web interface to the world for business, then you definitely need to defend against denial of service attacks.”