The BBC is reporting a “worldwide effort” to strengthen “time servers” (computers that keep the time on the internet) as a way of thwarting hack attacks. It reports that there has been an “explosion” in the last few months of the number of attacks targeting these special servers. The story was first broken by security company Arbor.
Criminals used the time servers (also known as NTP servers) in a series of DDoS attacks. DDoS attacks aim to knock out a targeted network by flooding its servers with huge amounts of data. Roughly 93% of all vulnerable servers are now thought to be secure against this type of attacks.
The inspiration for this tightening in security came from an attack on the online game League of Legends, which was performed by Derp Trolling, who have attacked many other online gaming platforms in a similar manner.
The League of Legends gaming site (and others like it) were attacked by exploiting a weakness in older forms of the software that underpins the network transfer protocol (NTP). This type of attack is called an NTP reflection attack, which uses a spoofed IP address (mimicking the targets IP address) to overload it with responses from multiple NTP servers. This rush of data to the target server, or servers, causes them to crash.
The Network Time Foundation, which helped to coordinate the security measures, estimated that 1.6 million machines were at risk to reflection attacks. Work to reduce this number began early this year.
Despite 93% of servers now being more secure, an estimated 97,000 are thought to be open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack, leaving plenty of room for hackers to manoeuvre.
The “explosion” in the number of attacks in recent months has been caused by copy cat hacking groups using the same methods as Derp Trolling. This has led to a spike in malicious network activity, hence why the internet community has responded with such a wide ranging strategy.