Hackers hid Carphone Warehouse breach with DDoS smokescreen
Hackers reportedly swamped Carphone Warehouse with junk traffic as a smokescreen, before breaking into systems and stealing the personal details of 2.4m customers.
The trick is to cause problems without rendering target networks completely inaccessible.
Dave Larson, CTO at DDoS mitigation specialist Corero Network Security, commented:
These types of frequent and sub-saturating DDoS attacks are typically intended to distract corporate security teams, but leave enough bandwidth available for a subsequent attack to infiltrate the victim’s network, much like the incident reported against Carphone Warehouse.
This technique of DDoS as a smokescreen is becoming a more commonplace threat, especially for any internet-connected business that is housing sensitive data, such as credit card details or other personally identifiable information.
Cyber-crooks run DDoS attacks while carrying out more significant data breaches, either to keep security response staff too busy to follow up alerts that can provide an early warning sign of intrusion, or to trick them into relaxing security controls such as firewall rules.
So if you are being attacked – and think that you are surviving, then you might want to think again – you’re being distracted.
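An added example, not from the article or from Corero: one way to make sure intrusion alerts and firewall relaxations that coincide with a DDoS get priority review rather than being lost in the noise. The event format, field names and one-hour grace period are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the incident): one DDoS window plus
# ordinary SOC events before, during and after it.
EVENTS = [
    {"ts": "2015-01-01T09:00:00", "kind": "alert", "name": "admin login from new ASN"},
    {"ts": "2015-01-01T10:00:00", "kind": "ddos_start"},
    {"ts": "2015-01-01T10:20:00", "kind": "fw_change", "name": "allow any -> db:3306", "action": "permit"},
    {"ts": "2015-01-01T10:35:00", "kind": "alert", "name": "large outbound transfer from db host"},
    {"ts": "2015-01-01T10:40:00", "kind": "fw_change", "name": "block 198.51.100.0/24", "action": "deny"},
    {"ts": "2015-01-01T11:00:00", "kind": "ddos_end"},
    {"ts": "2015-01-01T11:30:00", "kind": "alert", "name": "new service account created"},
    {"ts": "2015-01-01T15:00:00", "kind": "alert", "name": "failed VPN login"},
]

def ddos_windows(events, grace):
    """Return (start, end + grace) intervals; an attack with no end stays open."""
    windows, start = [], None
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if e["kind"] == "ddos_start" and start is None:
            start = t
        elif e["kind"] == "ddos_end" and start is not None:
            windows.append((start, t + grace))
            start = None
    if start is not None:
        windows.append((start, datetime.max))
    return windows

def escalate(events, grace=timedelta(hours=1)):
    """Events that overlap a DDoS window and must not be deferred."""
    windows = ddos_windows(events, grace)
    flagged = []
    for e in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(e["ts"])
        if not any(s <= t <= end for s, end in windows):
            continue
        if e["kind"] == "alert":
            # Non-volumetric alerts are the early warning the flood is meant to bury.
            flagged.append(("intrusion-alert", e["name"]))
        elif e["kind"] == "fw_change" and e.get("action") == "permit":
            # A rule loosened under attack pressure may be exactly what was wanted.
            flagged.append(("control-relaxed", e["name"]))
    return flagged

if __name__ == "__main__":
    for reason, name in escalate(EVENTS):
        print(f"{reason}: {name}")
```

The grace period keeps alerts that arrive shortly after the flood stops in the priority queue, since the follow-on intrusion need not end when the DDoS does.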
As noted by the Torygraph, hackers are thought to have used DDoS attacks as smokescreens to disguise more serious assaults on Sony’s PlayStation Network in 2011 and against US banks since at least 2012. How this works, and the tools deployed in the case of attacks against banks, were explained in a 2013 Reg article.