Early this past Friday, some of the more popular corners of the internet became inaccessible due to a massive attack on DNS service provider, Dyn. At around 7:00AM, hackers launched a distributed denial of service (DDoS) attack that halted Dyn’s services and brought sites like Twitter, Spotify, and even Just Fix It’s own hosted services to their knees. Yet despite the unprecedented size of the attack, there’s very little for an end-user to worry about aside from a frustrating inconvenience. This is due to nature of the attack; unlike some of the more malicious methods that hackers employ, a DDoS serves only to annoy and harass.
WHAT IS A DISTRIBUTED DENIAL OF SERVICE?
A DDoS is actually a pretty simple concept. A server is only able to process a certain number of requests at a time. Usually this is a high enough number that no matter how many people send requests to it, it can handle the traffic without slowing down. To use a simple analogy; picture Amazon as a brick and mortar store, and the requests are people trying to get through the front door. On a normal business day, people can come and go without so much as brushing shoulders.
A distributed denial of service attack aims to jam that all up. The attackers bring the server to a halt by generating so much traffic that it becomes unable to deal with all the requests and becomes swamped. Expanding on the above analogy, this would be a tremendous crowd of people trying to push their way in through the front door of Amazon at the same time. If you’re at the back of the crowd, it’s going to look exactly like things aren’t moving at all.
A HORDE OF ZOMBIES
So how are hackers capable of generating so much traffic? There’s a couple of ways; one is an old standard and the other is new on the internet scene.
The most common way is through virus infected computers known as zombie systems or bots. Not all viruses are created equal, and while some might encrypt your files or tell you the RCMP is after you for software piracy, the most common types are more innocuous on the surface. These viruses are typically picked up through email and are completely silent. Most owners of these infected computers are unaware that their system has even been compromised. Countless thousands of these zombified systems exist worldwide, all roped together and weaponized as botnets.
These weapons have only been sharpened by the rise in new internet ready devices, the so called “internet of things,” which range anywhere from security cameras to refrigerators and feature poor, easily compromised, security. Indeed, companies have found ways to cram an internet connection into basically everything you can think of, and few have been vetted to prevent them from being externally compromised by hackers. Now, even smart TV’s and baby monitors can be used to block the doors to Amazon.
WHAT’S THE POINT?
Due to the fact that any low-level script kiddie can rent a botnet for a modest sum of money, DDoS attacks have become popular among hacker communities the world over. But if they aren’t out to obtain data or steal money, what’s the point of a DDoS attack? Well, there are a lot of possible reasons.
Commonly, the attacks are used as a form of extortion, blocking access to a service until a community’s demands are met. Sometimes it’s just for mischief or to get back at someone who has done something to scorn a particular hacker group. In the case of the recent attacks on Dyn that brought down Twitter, it was allegedly a dry run to test the capabilities of hacker group “New World Hackers,” who claim to be planning a similar attack against the Russian government in retaliation for their suspected meddling in the U.S. presidential election. These claims have yet to be verified.
Regardless of the intentions, DDoS attacks are a nuisance that are frustrating to both internet security experts, as well as users. It takes time to mitigate the effects of an attack and it’s extremely difficult (though not impossible) to track down the perpetrator, as it’s rarely controlled directly. The only way that the severity of these attacks can be reduced is by working harder to secure networks and devices from outside intrusion.