Attack on internet service providers lasted nearly five days, used millions of virus-hit IPaddresses and was preceded by a similar assault on the US Library of Congress

The Distributed Denial Of Service (DDOS) attack on Internet Service Providers (ISPs) in the state is among the largest in the world and the first of its magnitude in India, police said on Saturday. IGP (Cyber Crime) Brijesh Singh said the Director General, Indian Computer Emergency Response Team has been alerted and the agency is dealing with it. He, however, declined to share specifics of the DDOS attack.

The Hindu had reported on July 23 how small and medium ISPs in the state were being targeted by a DDOS attack, which creates a sudden surge of activity using virus-infected Internet Protocol (IP) addresses, causing servers to crash. The attack was being executed at 200 gigabytes per second, an indicator of its scope. Investigating officials peg the number of such IP addresses used for the attack at several million.

A senior state police officer said DDOS attacks usually last for two to four hours and have a specific and limited number of targets. “This particular attack has lasted for four to five days and has targeted scores of small and medium ISPs that do not have the infrastructure to fend off such attacks.”

Police officers said DDOS attacks are easy to execute because all they need are IP addresses infected with Trojans, a kind of computer virus. An officer said, “An unbelievably large number of IP addresses worldwide are infected with Trojans which find their way into computers through spam mail or advertisements on web pages, and users don’t even realise it. The Trojans lie dormant till a hacker needs them to perform a specific function, after which as many such IP addresses as are needed for the purpose can be programmed to strike together in a consolidated attack.”

Cyber crime lawyer N.S. Nappinai added that getting access to infected IP addresses was not difficult. “Infected IP addresses are routinely sold on the dark net by entities that infect them in the first place. All a hacker has to do is buy enough infected IP addresses and use them for a DDOS attack.”

Incidentally, the DDOS attack comes days after a similar attack in the USA, in which the Library of Congress’s servers were affected between July 17 and July 20.

A blog on the Library of Congress website by its chief information officer Bernard A. Barton Jr., said, “This was a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly. We’ve turned over key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”

The Indian Computer Emergency Response Team in Delhi has been alerted by the Maharashtra police