[ISN] Q&A: Tom Leighton, chief scientist at Akamai

InfoSec News isn at c4i.org
Thu Jun 17 10:38:48 EDT 2004 

http://www.computerworld.com/securitytopics/security/story/0,10801,93875,00.html

By Jaikumar Vijayan 
JUNE 16, 2004 
COMPUTERWORLD

Akamai Technologies Inc. said today that the Domain Name System
problems it encountered yesterday were the result of a sophisticated
and targeted distributed denial-of-service attack against the company.  
In an interview with Computerworld, Tom Leighton, the company's chief
scientist, talked about what happened.


What was the nature of the yesterday's attack?

It was a name server attack against four of our customers for whom we
carry their name servers. Our assumption was this was an attack
against Akamai and it was perpetrated by attacking our customer name
service infrastructure.  It is not impossible that this was a
coordinated attack against those four Web sites. Akamai has a lot of
key customers, and it could just be a coincidence that the four
happened to be Akamai customers. [But] we are assuming it was an
attack against Akamai.


Why were only four major customers affected?

Actually, we had more than those four customers impacted. About 4% of
our customer base [of about 1,100 customers] had the potential to be
impacted by it. Half of them did not have any noticeable impact. There
was a set of servers that experienced the brunt of the attack. The
servers did not go down, but their ability to perform was severely
hampered. They were giving out valid information, but for a small
subset of customers, the performance was not there.


Has the source of the attack been identified and the attack traffic
stopped?

That's information that we are sharing with the authorities.  But the
attack traffic has been eliminated.


What's happened since the attack?

We've had a chance to analyze the attack. We have put out several
additional defensive mechanisms in place because there is a security
concern. Going forward, we are continuing to place additional
mechanisms in place. DNS is a critical component of the Internet and
in general one of the most vulnerable.  We've put a lot into securing
our name server infrastructure. We have learned from this incident.


Is there any indication that someone with inside knowledge could have
been responsible?

It was sophisticated and very large-scale, but it did not require
insider knowledge. We have no reason to believe an insider was
involved.


Could the incident have been caused by an internal technology problem?

Our systems performed normally, as they are designed to perform. It is
because of this that it didn't impact more of our customer base.

More information about the ISN mailing list