Distinguished as an "Innovator under 35": Former IRG head researches cyberattacks

Facebook founder Mark Zuckerberg is among the prizewinners, as well as Larry Page and Sergey Brin, who made Google an international software concern. "Innovators under 35", or TR35 for short, is a global competition of the best technology talents, initiated more than ten years ago by the American magazine MIT Technology Review. The winners of the German edition of the competition now also include Christian Rossow, Professor of Computer Science at Saarland University. At the CISPA IT security research center, the 32-year-old computer scientist develops novel methods to unmask cybercriminals and provide early warning of their attacks.

Every day, at the CISPA research center for IT security at Saarland University, Professor Christian Rossow deals with digital attacks that companies and citizens would not want to come across in their worst nightmares. Mass attacks from the Internet, known in technical jargon as "distributed denial of service (DDoS) attacks", are considered the scourge of the Internet. Since they are relatively easy to carry out, young people use them as digital power plays, criminals as a service for the cyber-mafia, and governments as weapons. In the fourth quarter of last year, according to the software firm Kaspersky, 80 countries were affected, with the trend rising. In October, for example, Internet users in North America, Germany and Japan were disconnected from major online platforms such as Twitter, Netflix, Reddit or Spotify. Behind these outages lay a new type of DDoS attack, a so-called amplification attack.
"The insidious thing here is that the attackers can achieve a maximal impact with little effort," explains Rossow. With the help of certain vulnerable Internet protocols, requests to public server systems are crafted such that their responses greatly exceed the number and size of the requests. The attacker then replaces the requesting address with the victim's Internet address. Rossow has identified 14 Internet protocols that can be exploited for this kind of attack.
In order to more closely investigate these malicious attacks, the people behind them and their motives, he worked together with CISPA researchers Lukas Krämer and Johannes Krupp, as well as Japanese colleagues, to develop digital lures, so-called honeypots, for distributed attacks. He has deployed 21 of these on the Internet and has thereby documented over 1.5 million attacks. In this way, he could not only identify different phases of the attacks, in order to develop an early warning system from them. He also added secret digital markings to attack code that had been discovered "in the wild", and could thus uncover the sources of the attacks. "This is truly remarkable, because normally the forgers of the sender addresses remain hidden," explains Rossow.
This is not the first time that Rossow has systematically infiltrated cybercriminals' systems. In this way, he was also able to cripple the infamous botnet "Gameover Zeus" on behalf of the US domestic intelligence and security service, the FBI. Meanwhile, he has deployed his honeypots for the latest variant of DDoS attacks, in which cybercriminals are no longer using individual servers, but rather networked TVs, webcams, and refrigerators: the "Internet of Things" makes this possible.

Background: CISPA research center for IT security
CISPA was founded in October 2011, with the support of the Federal Ministry for Education and Research (BMBF), as a competence center for IT security at Saarland University. It unites the IT security research of the computer science department as well as the partner institutes on the campus, the Max Planck Institute for Informatics, the Max Planck Institute for Software Systems, and the German Research Center for Artificial Intelligence. Since then, CISPA has developed into an internationally renowned research center for IT security. Due to the excellent quality of its scientific publications and projects, the CISPA is now a leading research center for IT security worldwide.
Background: Technology Review and "Innovators under 35"
Technology Review is the German edition, published monthly, of the well-known "MIT Technology Review". For more than ten years, the German-language science magazine has been reporting on the latest technological trends that have potential to affect society in a sustainable way. Already for the fourth time, the German edition has reported on the "TR 35". "Innovators under 35" is known in the USA as a top distinction for young, gifted researchers and developers. The prize has been awarded for 16 years by the American edition of Technology Review, the innovation magazine of the Massachusetts Institute of Technology.

Further Information:
Link to the publication "AmpPot: Monitoring and Defending Against Amplification DDoS Attacks"

Link to the publication "Identifying the Scan and Attack Infrastructures Behind Amplification DDoS Attacks"

Questions can be directed to:
Prof. Dr. Christian Rossow
Center for IT-Security, Privacy and Accountability
Saarland Informatics Campus E9.1
Tel.: +49 681 / 302-70797

Johannes Krupp
Center for IT-Security, Privacy and Accountability
Saarland Informatics Campus E9.1
Tel.: +49 681 / 302-70805

Gordon Bolduan
Competence Center Computer Science Saarland
Tel: +49 681 302-70741

Notice for radio journalists: You can conduct telephone interviews in studio quality with Saarland University scientists via radio codec (IP connection with direct dialing or over the ARD starpoint 106813020001). Please send your interview requests to the press office (0681/302-2601).

newsarchive >>