A private airline that faced financial ruin after a hacking gang
brought its computers to a halt during three months of sustained
attacks claims to have turned the tables on the hackers by installing
the latest high-tech defences.
The airline, which runs shuttle services between Italy and Albania,
narrowly survived after the gang bombarded the company’s systems with
millions of requests during its busiest booking period.
Small companies which rely on the web for business are particularly
vulnerable to denial of service attacks, but it is rare for firms to
talk publicly about their experiences. Online sports betting sites,
including Paddy Power, were hit by a spate of attacks two years ago from
gangs demanding the payment of a ransom.
In an interview with Computer Weekly, Albatros Airlines said it lost
€20,000 a day after the attackers left its website inaccessible to
travellers and travel agents for weeks at a time.
"There was total disruption of sales. We could not sell anything
via our system, and had to wait for phone calls from travel agencies,"
said Erion Elmasllari, head of IT at the airline. "Basically our
sales were really dropping."
The airline, based in Tirana, first realised that something was amiss
in December when it received a cryptic e-mail which read, "I notify
you that attacks will not stop! but if you want to do a counterattack,
just tell me … for money everything can be done :)."
The attacks failed to register until May, when the company’s servers
in southern Italy were hit by a massive denial of service attack
launched from thousands of infected PCs controlled by the hacking group.
The company, which had a 2Mbytes line, increased its line capacity to
10Mbytes and moved its servers to a hosting centre in Northern Italy,
but the hackers responded by stepping up the intensity of their attacks.
At its peak, the hackers bombarded the company with messages from
7,000 computers, bringing down both the company’s systems and its
internet service provider.
"At one point we managed to set up firewall filters, so only the
agencies that work with us were allowed on our website. Then the
unthinkable happened. The providers in Albania changed their DNS
numbers, which meant the firewalls had to be reprogrammed, which took
another week," said Elmasllari.
The airline finally shifted its servers to a London hosting firm,
VistaLogic, which agreed to install specialist technology to protect the
servers from the attacks. The technology, supplied by Webscreen, is able
to distinguish between normal customer behaviour and an attack.
"After we started protecting them, the hacker started using
different strategies. He has tried every single strategy possible,
ranging from bot nets, synflooding, rests, and malformed packets,"
said Mustafa Ozkececigil, chief executive of the hosting firm.
"The worst attack we have had is 200Mbytes a second. That is a
substantial amount of traffic."
Andy Beard, advisory services director at PricewaterhouseCoopers,
said it was rare for companies that have been hit by denial of service
attacks to talk about their experience.
"While the defences have got better, the determined attackers are
getting better. The sheer number of potentially compromised machines
[which can be used to launch an attack] is huge," he said.