
Security vendor Network Associates (NAI) came under attack from hackers last night just days after it issued an advisory on security flaws in DNS software BIND. Although the network struggled, it managed to weather the storm.
By Sally Watson
Published: 1 February 2001 18:00 GMT
NAI's US servers were bombarded in a Denial of Service (DoS) attack after malicious software was posted anonymously on a security mailing list with 85,000 members, called BugTraq.
Chris McNab, network security analyst at MIS Corporate Defense Solutions, said the BugTraq monitor would have been hard pushed to spot the exploit. "The hacker had spent a lot of time, effort and resources on this," he said.
McNab claimed NAI's network was up and down intermittently overnight.
However, Douglas Hurd, business development manager for Northern Europe at NAI, said the company's servers stood up well to the attack. "NAI were aware as soon as it happened. Within 90 minutes we were able to do something to mitigate the attack," he said.
The BugTraq list is used by security professionals to share information, publish exploits and post fixes. Postings are monitored for malicious content, but the DoS software passed through unnoticed, hidden in the shellcode.
The hacker software was hidden in a posting that claimed to be the first exploit of the BIND vulnerabilities in the wild. Security experts have been waiting for the code to be published since last Friday when NAI announced it had a copy in its US labs.
"This was probably a revenge attack for telling the world about the vulnerability," said McNab.
NAI's Hurd said the company will not take action against BugTraq. "We're obviously very disappointed. But we can't fault them for being imperfect," he said. "BugTraq plays a valuable role."
He added that the damage caused to NAI was minimal. "It's never good news to be attacked, but it's proof that NAI's defences worked this time."
Copyright © 2008 CBS Interactive Limited. All rights reserved.