Denial Of Service – Evolving In Methods And Goals

Posted: October 20, 2013 in Articles
Tags: ,

DDoS attack alertInstead of running broad-spectrum attacks, many DDoS users are focusing on areas of weakness in the target network. This approach requires more finesse than … Read more below.

From the earliest days of history, there have been people who develop ways to get past security and attract attention through vandalism.  Graffiti, prank phone calls, and “gotcha” type TV-shows are some of the more recent examples, but, with the advent of the Internet, a new form of vandalism has appeared.  The Distributed Denial of Service (DDoS) Attack.

What is Distributed Denial of Service?

First arising in the 1990s as a way to expel people from Internet chat rooms and the like, a DDoS attack is the digital equivalent of a sledgehammer; instead of introducing a virus or remotely controlling the target machine, a DDoS attempts to overwhelm the computer with an excess of data.  This influx of random “nuisance” data renders the machine or network incapable of performing its regular functions.

AnonymousHow Is DDoS Being Used?

Although DDoS was originally utilized as a social tool or a “pranking” device, there is now a thriving underground economy revolving around this attack.  Several services now offer paid DDoS attacks; these “digital mercenaries” work for payment in Bitcoin, an online currency, or other, untraceable methods.  Other groups can be hired to “test defenses” against DDoS…with the side effect that others could potentially hire them to actually cause damage.  Political activists have also taken to the DDoS attack as a form of the governmental sit-in or protest, despite the potential legal repercussions.

How is the DDoS performed?

In order to project the amounts of data required to create a DDoS, attackers use several different methods.  When many people believe in the same “cause,” it is likely that the attacker can enlist the assistance of his/her compatriots, bombarding the target with the DDoS from several different venues.  If this is not enough, many attackers also create “zombie computers,” infecting machines with a virus so that they can be forced to participate in the DDoS attack.  This can conscript thousands of computers and create attacks ranging in the tens to hundreds of gigabytes per second; the amount of computers required to mount a successful DDoS is falling, however, as the power of computers infected has increased.  Instead of a collection of third-world machines, potent machines from the U.S. and other developed nations are being co-opted.

Instead of running broad-spectrum attacks, many DDoS users are focusing on areas of weakness in the target network.  This approach requires more finesse than the “shotgun” approach, but, by applying the collected processing power to a narrower area, the attack can be many times more effective.

Legal Implications

While many countries, including the United States and the United Kingdom, have long-standing penalties for engaging in DDoS attacks, there are several advocates who believe that performing these attacks can, at least in certain circumstances, be an expression of free speech and protected as such.  Comparing these attacks to protests and sit-ins, these advocates are pushing for the removal of automatic punishments for these attacks.

Summary

DDoS attacks are like any other weapon; they evolve as the defenses against them evolve and as the need for them changes.  With the advent of social networking technology and the “distance” that Internet usage can create between an attacker and the consequences, increased use of DDoS attacks for vandalism is likely to increase; conversely, as information disseminates and more people are aware of more things they perceive as injustices, the use of DDoS attacks to make political and social statements will also increase.  Time will tell if governments permit this as a use of “free speech” or maintain that it is a purely criminal act of cyber vandalism.

Sergeo LeeSergeo Lee is a engineering founder of a film scheduling platform Edictive.com. Now he shares with us a real security concern to all of us with a website business.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s