Last week we experienced numbers of DDoS attacks which caused sites like Paypal, Moneybookers, PostFinance to shutdown. Lets find out more about DDoS.
What is a DDoS attack?
Typically pronounced “dee-doss”, a DDoS attack is launched by well-prepared online criminals aiming to prevent legitimate parties from visiting affected websites and using the online services they provide.
How does a DDoS attack work?
The simplest denial of service attack works by bombarding a target website with so much traffic that it cannot keep up with the volume of requests it is receiving. This causes the website to become unavailable to legitimate users, hence the term “denial of service”.
If only a few computers are involved in the attack, they may not be able to generate enough malicious traffic to cause a denial of service. Small scale attacks like these can be further mitigated by preventing the attacker's computers from accessing the website; however, in some cases it can be difficult to distinguish malicious and legitimate traffic.
Naturally, an attack becomes more difficult to defend against when the malicious traffic originates from a much larger numbers of computers. This situation becomes known as a distributed denial of service (DDoS) attack, as the computers are usually distributed around the world.
As well as being harder to block, the inordinate volume of traffic that can be generated by a well-executed DDoS attack makes it possible to take down almost any website on the internet. The only reliable defence is for the website administrators to take special – and often expensive – measures to thwart DDoS attacks.
Who carries a DDoS attack?
Most DDoS attacks are orchestrated using a botnet – a large network of compromised computers that can be used to generate malicious internet traffic. Any vulnerable internet-connected device can potentially be roped into unwittingly taking part in a DDoS attack, be it a desktop PC, webcam, broadband router, printer, or even other websites.
Only the botnet's controller can tell it which websites to attack, and what kind of traffic to send – often with near instantaneous effects. With such powerful capabilities, botnet controllers can easily monetize their efforts by letting other criminals hire their botnets for short periods of time.
Establishing and maintaining a botnet requires a great deal of skill, yet its capabilities can be harnessed by almost anyone who is willing to pay. Some of the most effective DDoS attacks have been carried out via so-called “stresser” services – these are websites that purportedly let users test the resilience of their own websites by launching short-lived DDoS attacks against them. However, many of these stresser services are actually used to attack websites that belong to other people, and the providers of these services know that – which is why they nearly always accept payment in non-traceable cryptocurrencies like Bitcoin.
Although DDoS attacks can be aimed at other types of internet infrastructure, websites are a popular target, as it is easy for the attacker to determine whether or not the attack has been successful. If the attacker can no longer reach the site himself, the attack is an obvious success.
Why do DDoS attacks happen?
The most obvious motivation for carrying out a DDoS attack is to make money. Online gambling sites are no strangers to extortion attempts, where attackers threaten to carry out DDoS attacks unless a ransom is paid. Sometimes these threats are hollow, but ironically – and annoyingly – it can work out cheaper to pay a small ransom than to enrol the services of a specialist DDoS mitigation provider.
Shady businesses can also enjoy financial benefits by carrying out DDoS attacks against their competitors. If the attacks force the competitors' websites to stay offline for a prolonged period, the shady business is likely to gain new customers merely by virtue of having a website that still works. The competitors may have their suspicions, but it could prove almost impossible to determine who was behind the attacks.
Not all DDoS attacks have a direct financial motive, however. In September, security blogger Brian Krebs faced one of the largest attacks ever after he uncovered who was behind a set of previous attacks.
But the attack against Krebs was not the first to be carried out as an act of revenge. Perhaps the most notable series of examples this decade took place at the end of 2010, after some of the world's largest payment providers decided to prevent the whistle-blowing organisation WikiLeaks from receiving donations. In retaliation, the “hacktivist” group known as Anonymous launched successful DDoS attacks against some of the providers, including Moneybookers, PostFinance, PayPal and MasterCard.
The attacks carried out by Anonymous were also interesting for another reason – rather than using a botnet of compromised computers to generate malicious web traffic, thousands of volunteers deliberately installed attack software on their own computers. The volunteers' computers were orchestrated via an IRC (internet relay chat) channel, which allowed the group to specify which website to attack. To make it easier to participate in the attacks, a web-based attack tool was also developed – this allowed complete novices to take part in the attacks simply by opening a page in a web browser.
Incidentally, Anonymous also reminded us that it is not just websites that can be affected by DDoS attacks. Part of its campaign involved sending large numbers of faxes to the companies that had decided to distance themselves from WikiLeaks.
With modern day commerce relying so heavily on the web, DDoS attacks can have a devastating impact on businesses, and so it is worrying how much easier it has become to carry out such attacks. The best hope for some businesses may be to avoid becoming a target in the first place, but in reality it only takes one person with a grudge and enough money to unleash hell.
0 comments: