Fighting DDoS on the Fly

19 November 2004

British Internet gambling operators have a new line of defense for battling DDoS attacks--a problem that has plagued the industry for the last year.

Top Layer Networks, an international technology security firm, on Wednesday rolled out a new service that enables operators to access a 24-hour "DDoS SWAT team" that can secure a Web site within an hour of an attack.

The "Doomsday DDoS Disaster Recovery Service" is the work of Top Layer and mnet Internet, a British corporate-only ISP and co-location company.

Clients can call any time of day and have a team of technicians install a "Top Layer Attack Mitigator IPS 5500" within an hour of the call being placed. The Attack Mitigator blocks and controls some of the most prevalent cyber attacks.

Distributed denial of service (DDoS) attacks have been the method of choice for hackers targeting the online gaming industry over the last 12 to 18 months. Hackers contact I-gaming operators and demand large sums of money to prevent attacks. Some operators who've opted not to pay the hackers have seen their sites brought down for days, often during times of high betting volume.

In addition to squelching DDoS attacks, the Attack Mitigator is designed to deal with hybrid attacks like HTTP worms, DoS, protocol and traffic anomalies, IP spoofing, SYN flood attacks and others.

Users of the Top Layer system pay a small monthly retainer and, if they are attacked, pay a fee that's based on usage of the system.

"We see this as an innovative way of protecting our customers from the threat of cynical hackers," Fenton Bard, business development manager for mnet, explained. "In many ways, it is another option to our disaster recovery offering, but instead of a power generator, we are delivering a very robust, high-performing intrusion prevention and anti-DDoS product and team that is proven to stop attacks in real time."

Paul Lawrence, general manager for EMEA and Asia at Top Layer, said the combination of extortion attempts and DDoS attacks was unique to the interactive gambling space, but that's starting to change.

The first extortion attempts came more than a year ago, prior to the start of the 2003 National Football League season, and were conducted by organized crime syndicates and well-financed hackers. By targeting online casinos and sports books, the hackers were going after companies expected to have little support from law enforcement.

With help from a handful of I-gaming operators, the High Tech Crimes division in the United Kingdom broke up a Russian syndicate of hackers this past summer. The bust did little to stop other hackers from targeting the industry, however, and some are moving on to other e-commerce industries, including the payment processing business.

Lawrence said the attacks have focused on businesses that conduct a high volume of low-cost transactions, and hackers choose peak times when service interruptions would be most costly to the operators. He also pointed to research showing that the attacks have quadrupled over the last six months.

Not only is the volume of attacks on the rise, but the attacks are also becoming more potent. Mike Paquette, vice president of marketing and product management of Top Layer, said he has seen attacks that have reached a gigabit per second--the equivalent of 1,000 computers pulling a megabit of data per second from a Web site.

"It's an arms race," he said. "What if it were a million computers, a terabit per second? A lot of things could be rendered unavailable."

Numerous Attack Mitigators have been strategically placed throughout London and southeast England for rapid deployment and installation into customers' sites and co-location centers.

Nobody knows where Kevin Smith came from. He simply showed up one day and started writing articles for IGN. We liked him, so we decided to keep him. We think you'll like him too.