Distributed denial of service (DDoS) attacks have gained a new prominence in the last several years, due in large part to the actions of the collective hacking activist group, Anonymous, who have recently launched an appeal on the White House’s petition platform to make the activity legal, claiming it should have free speech protection.
DDoS attacks consist of flooding a website with so many requests for information (necessary when one visits a website to see its pages), sent from a network of hijacked that its servers slow down or even become overwhelming. Often victims will need to shut down the server temporarily to rescue it from the attack.
Just because something is in the news, of course, does not mean it is important, so we asked a number of people involved in the battle of DDoS attacks what they thought. Are DDoS attacks useful from an activist viewpoint? Do they do real damage to a target, or are they just a minor irritant? If they’re not effective, does their use reduce Anonymous’ credibility?
The Federal Bureau of Investigation, Press Office:
The Federal Bureau of Investigation — Cyber Crime:
HSBC bank (victim of an Anonymous DDoS):
Crowdstrike cybersecurity firm (staffed by former FBI agents with cybercrime experience):
Department of Homeland Security official (on background):
The Department of Homeland Security told the Daily Dot that, while no two incidents are alike, it takes seriously any potential disruption affecting a government network or critical infrastructure.
When DHS becomes aware of a disruption, they said they work closely with the affected entity to identify the nature of the threat and put in place mitigation strategies to help protect the security and ensure the resiliency of the network.
Adam Wosotowsky, researcher on the McAfee Labs team:
DDoS attacks are generally considered to be crude attacks. In general, a DDoS attack doesn’t cause a long-term disruption if there is adequate capacity and cooperation amongst the victim, their ISP, hosting company, etc.
A network administrator’s job is to design a network and its associated infrastructure in such a way that it is easy to monitor and oversee. Their job is to identify the nature of the attack and take actions to reduce or eliminate the impact. Once that assessment is made, they work with their hosting provider and ISP in order to block the attack farther and farther away from the target of the attack. If modifications to the nature of the attack occur, then that information is shared and the attack is repelled.
Companies with large internet presences are going to have individuals with the network competency to react faster and more efficiently. It’s a lot of work and monitoring, but it can be done.
A DDoS attack tends to be brute-force and will expose at least part of the botnet to identification, which can lead to the loss of part of it. If certain systems have unpatched DDoS vulnerabilities then it will take far less attackers to disrupt the service and it can be carried out with successive adjustments and the participating hosts can be brought to bear more slowly, lengthening the duration of the attack by causing the administrator to have to adjust more frequently. It can also be cover for a more skillful attempt to break into the systems while the administrator’s focus is elsewhere, or could increase costs because of the bandwidth that is being used.
DDoS is a blunt tool in an attacker’s arsenal and can always be brought to bear against a victim. It’s not the biggest trump card, but it can always be used. In this respect I doubt that it is going anywhere. There are a lot of botnet infections out there that aren’t being monetized to send spam as much as they have in the past, which leaves DDoS attacks as a good way to rent away a botmaster’s less interesting hosts.
TheLulzDeptxx, member of Anonymous:
Personally I do not DDoS. This is merely my personal opinion.
Let’s consider anyone reading this knows the history of DDoS and how it became a form of digital protest.
There are many reasons people want a site to go offline. This will be about the protesting reason for it.
The basic point of any protest is to get your voice out there and let people know you are unhappy. Imagine over 9,000 people went into a Wal-Mart to fuck around and not buy anything to protest how poorly Wal-Mart treats their employees. Compare this to DDoS and remember that one of them could possibly land you in jail for a night and the other could land you in jail for ten years.
The U.S. government is set up to protect capitalism, not people. They claim to have come up with a quantitative monetary amount of damage from some of these sites that have been taken down like during OpPayPal. This is how they justify these long sentences even though the figures are a mere guess.
Most of the DDoS progs are fairly simple to use. The beauty of an online protest is that you are not limited in participating by where you are geographically. So if anyone can protest online and the programs are easy to use it means almost anyone can do it. This is really what is scaring the fuck out of governments worldwide. The people of the world can now make their voices heard. If they don’t want to listen, the people now have the choice of making them listen. As for whether this is to focus attention on something, I do not believe in the beginning that was the point. These people were pissed and were venting their frustrations. Currently it does focus attention on a site or a cause because it makes the news almost immediately.
As for damage done to the sites, so far in my readings there has been no permanent damage caused by DDoS except for some hurt feelings, some embarrassment and a really bad day for their IT department. If somebody wanted to use PayPal to buy something and PayPal was down its most likely that they would just wait till the next day to buy it. So it causes no permanent harm, it’s temporary, it gets a message across, and you will go to jail if you get caught.
Some people seem to have forgotten that the actual protest is only as important as the message behind it. As long as a legitimate reason is behind it, it will continue to be an effective tool for people to use.
To anyone thinking about doing it I would like to remind you to consider the risk and if you are willing to go to jail for a long time. Research all aspects of it and assess all safety risks. The one thing you miss or do not fully understand will be the reason you get (arrested).
Photo by Thierry Ehrmann/Flickr