Distributed denial of service attacks, which have wreaked havoc on the financial services industry over the past year, require a new approach, said Barrett Lyon, an entrepreneur who recently unveiled startup Defense.Net.
The company plans to work with a variety of DDoS mitigation vendors to architect a product that can protect against attackers who are attempting to bring down critical infrastructure, including the IT infrastructure supporting financial markets.
Defense.Net came out of stealth mode earlier this month. It was founded in December 2012 with the goal of building out a DDoS defense network. The products will be sold as a service and include an internally developed mitigation layer that uses proprietary routing technology. The technology will work with companies installing DDoS mitigation appliances and those that want overflow protection in the event that the appliance fails or cannot handle an attack, said Lyon, who added that he will reveal more details about Defense.Net next month.
Defense.Net came out of stealth mode amid disruptions to the U.S. stock market, including the Nasdaq being halted for three hours last week after exchange computers failed to handle trades correctly. The incident, according to security experts, underscores what could happen if the financial markets were brought down for an extended period of time.
"The entire online banking industry today relies on a couple of different vendors and if one of the vendors is taken out, there could be real problems," Lyon told CRN. "There are countries and groups that want to leverage the Internet as a tool for politics, and the tools are available and much more capable of carrying out a dangerous attack by motivated cybercriminals."
Lyon, founder of anti-DDoS firm Prolexic and co-founder of content delivery network BitGravity, is noted for his role in helping the online gaming industry defend against extortionists. The cybercriminals use DDoS attacks and other tactics to cripple networks, holding businesses hostage until they pay a sum of money. Lyon worked with investigators to track down a Russian cybercriminal organization, leading to the arrest and jailing of the group's leader.
"Today cybercriminals are much more capable and there's completely new motivations for this kind of stuff," Lyon said.
DDoS attacks have been strengthening, according to reports issued by Arbor Networks and Prolexic. The average DDoS attack duration is rising and reached 38 hours in the second quarter of 2013, according to Prolexic's latest threat report. Attack bandwidth and volume also increased, sending an extremely intense flood of malicious traffic at servers. Arbor Networks is seeing similar DDoS trends and said cybercriminals are constantly changing attack vectors in an effort to evade detection.
Cybercriminals also are making subtle changes to their techniques, as DDoS attacks are being aimed at cloud service providers. Attackers are using commercial and public DDoS kits that can be custom-tuned to cripple applications running on Web servers with unwanted traffic that appears legitimate. Rather than harvesting the power of a large botnet, Lyon and other experts say that attackers also are infecting vulnerable servers and using their greater processing power to conduct targeted attacks.
DDoS attacks can seriously impact many businesses, said Robert Masse, a security consultant based in Montreal who spoke recently at the 2013 Black Hat conference about his efforts to track down a man responsible for a low-cost DDoS-for-hire service. Masse said the attacks he's seen in one rural area took out a town's 911 emergency response system, disrupted VoIP communications to a business and took out the management system at a chicken farm, resulting in the loss of thousands of chickens.
"Traffic would start during business hours and large attacks ramped up really quickly," Masse said. "From a military perspective, it's much like the IEDs in Iraq; you have little resources being spent to take down these huge entities."
PUBLISHED AUG. 26, 2013