The Growing Threat of DDOS as a Weapon

Posted by Lior Weinstein on Thursday, Apr 24th, 2008

The more we build business and economies on top of internet infrastructure, the more we are vulnerable.

I was reading today about yet more DDOS (Distributed Denial of Service) attacks on websites. A DDOS is a lethally effective way to make a website unavailable, and often requires expensive specialist help to solve if the attackers are determined and skilled.

These latest events may be political, may be grass roots or might even be government sponsored. If anyone knows, nobody is telling. The fact is, though, that it would be naive to think only one group, country or movement is looking at this as a useful tactic. You can bet every government has at least investigated it.

The aim of these attacks could be to knock the site out so it is unavailable, to degrade the service so that the users go to a competitor, for example, or to hold the owners to ransom. If the attack is politically motivated, a satisfactory outcome could be for the site to be unavailable in the attackers' home country, either as an outcome of the attack or due to heavy-handed remedial measures.

DDOS works by flooding the host computer with requests. For weaker hosts, this could be as simple as getting a story to the front page of Digg, or getting a large group of people to all descend on the site at an appointed time.

Obviously, the recent cases were more industrial strength. For example, from the TechCrunch report about SlideShare:

“We’ve been told that the attack reached a peak of 2.5GB/sec and consisted entirely of packets sent from China.”

That’s a serious attack. This will have required a large network of computers, a great deal of bandwidth capacity, and lots of separate lines. A common approach is to use “zombie” computers, that is, computers infected with malware so that a remote operator can use their resources to perform the attack while the unwitting owner is fully unaware.

You can read more on the topic and more sophisticated approaches at Wikipedia.

The concern is not so much that this kind of attack happens, but more how easily it can be done, and that, other than some basic protection, there is not a great deal that many companies can do about it.

While a good network security plan can fend off lower-level attacks, a seriously funded group could do a huge amount of damage to even the best-protected business. Beyond that, governments around the world are putting their tentacles into ISPs under various guises, overtly and covertly.

How difficult would it be for a government or security service to launch an attack if they wanted to? I expect it has already happened more than once.

Could this be the commerce or political weapon of the future?
