B-25 bomber dropping ones and zeroes from bomb bay

Photo via Ted/Flickr (CC-BY-SA) Remix by Jason Reed

How DDoS attacks knock your favorite websites offline

Can't access your favorite website? A DDoS attack may be the culprit.

 

Ben Dickson

Tech

Posted on Aug 13, 2017   Updated on May 22, 2021, 8:47 pm CDT

On Oct. 21, 2016, an otherwise casual Friday morning, millions of users across the U.S. found themselves unable to access popular websites such as Amazon, GitHub, Shopify, Twitter, and the New York Times. The lack of access had nothing to do with the users themselves or their internet service providers. It was the result of a massive DDoS attack, the largest of its kind seen to date.

Thanks to the proliferation of internet-connected devices with poor cybersecurity features, a DDoS,  attacks are becoming more common—and more powerful. The reasons cybercriminals wage DDoS attacks range from political to financial. And for the time being, it’s likely that we will only see more DDoS attacks in the months and years to come. Here’s what you need to know about this common but powerful threat.

What is a DDoS attack?

A DDoS attack is a kind of cyber assault that aims to make an online service unavailable by flooding it with bogus requests from multiple sources, or IP addresses. As the service becomes unable to handle the deluge of connections and traffic it is receiving, it shuts down or drops legitimate requests coming from real users, blocking their access to its services.

To be clear, there is no “hacking” taking place as part of a DDoS attack. It’s simply overwhelming a network to the point that it’s inaccessible.

Low Orbit Ion Cannon (LOIC)
Low Orbit Ion Cannon (LOIC), a network testing application often used for waging DDoS attacks. Screenshot via FockeWulf FW 190/Wikimedia Commons (CC-BY-SA)

How are DDoS attacks waged?

Cybercriminals need to access a large number of computers in order to orchestrate a successful DDoS attack. They accomplish this by assembling botnets, which are armies of computers infected with a specialized malware that enables the attackers to control them remotely.

The attackers then order their botnet to send simultaneous requests to the target website, overwhelming it with fake traffic and eventually shutting it down.

READ MORE:

In the past, creating botnets and staging DDoS attacks was a challenging feat. But in recent years, DDoS activity has increased in size and number, partly due to the expansion of the Internet of Things (IoT). IoT devices such as smart home appliances and connected digital video recorders are generally less secure and easier to compromise than generic computing devices such as desktop and laptop computers or mobile devices. And with so many vulnerable devices becoming connected to the internet, so-called botlords are having an easier time finding targets to conscript into their zombie armies.

In fact, October’s DDoS attack was conducted through an IoT botnet that was assembled from tens of thousands of connected cameras scattered across the world. The hackers who owned the botnet later offered to rent their cyberweapon of mass destruction for the price of $7,500 per hour.

What’s in it for the hackers?

There are several reasons why hackers stage DDoS attacks. DDoS is becoming a weapon of choice in political disputes, where attackers disrupt access to websites to spite rivals and enemies. In 2012, the U.S. government accused Iran of conducting a series of DDoS attacks against U.S. banks in retaliation to economic sanctions against its nuclear program.

It has also become a tool for censorship. In 2015, a DDoS attack that was largely believed to be linked to state-backed Chinese hackers aimed at blocking access to GitHub pages run by GreatFire.org, the organization that monitors and helps circumvent the censorship of internet in China.

In 2016, the website of security researcher Brian Krebs was hit by a huge DDoS attack in apparent revenge to his disclosure of the identity of a hacker group.

In other cases, DDoS has been used as a tool for blackmailing. Attackers hit Australian email provider FastMail with a brief DDoS attack and threatened the company with a lengthier follow-up attack unless they paid 20 bitcoins.

And sometimes, they’re used to prove a point or to warn about bigger attacks to come. The real motive behind the October DDoS attack, which went after DNS provider Dyn, is yet to be determined.

From political to criminal and financial motives, DDoS has proven to be one of the favorite cyberattacks of hacker groups— one that is likely to stay for the foreseeable future.

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

Share this article
*First Published: Aug 13, 2017, 6:00 am CDT