Distributed Denial of service attacks have been a mainstay of direct action in the hacker subculture since the early years of the internet. Much like the argument of guns levelling the playing field for those less suited to physical violence for self-defence, DDoS is seen as a way for a single person or small group to make an asymmetric response to a perceived threat. The tactic has seen broad evolutionary leaps in recent years due to easier communication and collaboration by people with programming knowledge across great distances. Read on and the phenomenon will be outlined for your convenience.
What is a Denial of Service?
A Distributed Denial of Service is a cyber attack that aims to bring websites and web-based services down by bombarding them with so much traffic that their services and infrastructure are unable to handle it. Early methods were simple floods of data, once which was known as a ping flood. This tactic sent continuous pings to a target location to create a virtual traffic jam. By sending more data or instructions that a target can handle, hardware failure is possible. When average bandwidth increased enough to make a network attack impossible from a single computer, hackers began employing what are known as botnets. These banks of slave computers waiting on a hacker’s command to attack made it possible for anyone capable of writing and distributing a virus to create simplistically speaking, a ping flood on steroids. Today though, it is not just about data volume, but instruction complexity that makes a DDoS so devastating.
Why Do Hackers DDoS?
Common targets are businesses and government entities that are perceived to be engaging in unethical behaviour. During the Arab Spring, attacks were launched against governments that were seen as stifling the civil rights of their citizens. OpEgyptpt, by the decentralised group Anonymous, represents one of the largest collaborative efforts by civilians over digital media to foment sociopolitical change in history. Regardless of where you stand in regard to world politics, it should be clear that these attack methods allow people to be heard that otherwise would have been.
How is it Done?
How a denial is performed today represents its great potential in the hand of popular movements. Crowdsourcing is tuning into a primary feature, which makes it especially difficult for companies and governments to deal with by using standard regulation.If you find enough people sympathetic to your cause, the data flow that can be unleashed on a list of IP addresses is almost limitless. With the inception of tools specifically designed to make crowdsourced denial attacks easier, a child can do it. Often, all it requires is the ability to download a file and press a button.
There are Tools?
Very few people outside of the security and hacker communities are even vaguely aware of what is available to anyone with a network connection. Manu of the tools used are only a few hundred lines of code long and are easy enough to understand that a person with basic knowledge of Perl, in the case of Slowloris, can understand and modify it. Other more user-friendly tools such as the Low Orbit Ion Cannon (LOIC) and High Orbit Ion Cannon (HOIC) comes in an executable format with an interface that only requires a user to enter an IP address and click a button. Incidentally, these are all available for download through the open-source hub know as Sourceforge.
No government on the planet is equipped to handle popular digital assaults using simple scripts like Slowloris, LOIC or HOIC. Currently, activists tend to target websites in a show of solidarity in protest rather than trying to do any real harm. It is the digital equivalent of flying all your acquaintances from all over the world to stand in front of the doors of a business in protest, effectively stopping commerce. Concerted attacks on the United States beginning May 9, 2014, though, hint at a much more malicious potential. Be targetting DNS servers, the attackers were able to slow network traffic, noticeably all across the country for days. Unemployment figures for recent college graduates with IT degrees, unfortunately, do not seem to imply that governments have begun to take the problem seriously quite yet.