17/11/2016 18:15
Riccardo Luna
Rome – What really happened in the 48 hours in which a team of hackers attacked the website of the "Just a Yes" committee? A lot has been said and speculated.
What can we learn from the history of this strange attack?
Andrea Stroppa, 22 years old, was at the forefront of the defence of the site.
A computer security expert, just a few weeks ago he published a paper exclusively on Forbes on the danger of online cyber propaganda, and this summer a study on the danger of counterfeiting, exclusive to the Washington Post, considered by the main American anti-counterfeiting groups. He is well known in Italy because, among other things, he works for the cyber security company of Marco Carrai. They called him on the night of the attack. Here he tells AGI how it went from his point of view.
"The two days were very intense. Attacks of this kind do not happen every day. Let's start from the beginning. There is a team that follows the site: a company from Florence, which develops all the digital projects of the President of the Council. And ran all over them. And when they went online, months ago, had always been a cyber attack but could not repel.
"During the election, having seen what happened to Clinton, someone within the Committee wisely asked how the situation was on the security side: there were slight vulnerabilities on the portal, but nothing exceptionally important."
"In the meantime, the work on SEO, i.e. on improving the content of the site from the point of view of search engines, was bearing fruit: the keywords on Google were bringing so much traffic. And when things seemed to be working, the attacks came. Devastating. The alarm was raised on Tuesday night.
"Nothing works. Something strange is happening, wake up!" was written in the email that I received. I thought that it was nothing serious, but as soon as we entered the system it was clear that it was a double attack: the classic DDoS, namely the interruption of a service by subjecting a server to too many simultaneous requests, to take it offline; along with the fact that several people tried to gain access to restricted areas of the site.
"They were attempts to access the restricted parts of the site using the hacking techniques known as SQL injection. Many big ones have been hacked that way: sites of banks and governments."
"The DDoS came from around the world. They used servers, probably hacked, that is, they used other people's servers to carry out the attack. And then real personal computers. Here, they get onto the computers of unsuspecting users, load scripts, and the attack starts. If it is one person nothing happens; if it is thousands it becomes a problem."
"We are talking about peaks between 20 and 30 Gbps of DDoS. A very significant force. It was not an attack made by someone with nothing better to do. They were organized people who had studied the target well."
"The site went down the first time Wednesday afternoon. But the attacks had started on Tuesday 14 November, and it was then that we turned to the Americans of Incapsula, part of the Imperva group, a security giant, which collaborates with the most important international institutions. In the meantime, it was clear from the logs that the attacks continued to be numerous, and with different purposes: either to take the portal offline or to penetrate it and take confidential information. And it was necessary to create an emergency team: them in San Francisco and the four of us, all under 30, between Rome, Palermo, and the Veneto."
"The larger attacks started at 06:04 in the morning on November 16. The attack started from the Netherlands. A minute later, again from Holland at 6:05. From Italy at 6:26. Again from Holland at 6:28 and 6:41, when they also tried to steal the site's user data. Then they went on with a barrage, and in an hour they made over a hundred attempts. Failing in their attempts to steal data, they changed.
"So although we held up well until lunch time, they then put us in difficulty: after the two attacks at 12:53 and at 13:36 the site was no longer reachable in a stable manner. When we realized that we could not resist, we decided to take ourselves down in order to avoid worse trouble: we needed time to make structural changes. What did we do? Various things, and we moved the server to a safer place."
"We were back online on Wednesday the 16th in the evening, around 22:00. The scale of the attacks and their apparent provenance make us think that one is facing criminal organisations specialised in cyber crime. An action like this costs tens of thousands of euros; it is certainly not the result of someone's pastime." "The site is secure; the necessary checks are being made to see whether there was access to the restricted parts, but the initial analysis gives no evidence of any intrusion. However, we should be aware of the atmosphere that has been created, and of how important the theme of cyber security is."