DDoS Attacks: What Can Enterprises Do to Combat Them?

by Chris Preimesberger

The world’s first DDoS attack, as noted by the SANS Institute, occurred in August 1999 when approximately 200 “zombie computers” flooded a computer at the University of Minnesota with excess traffic. Consequently, the attack affected hundreds of other systems, resulting in a nearly three-day computer outage at the school.

Launched against Websites such as eBay, Amazon, Buy, Yahoo, CNN, ETrade and ZDNet, the motive for this high-profile DDoS attack was nothing more than extortion. Victims—in this case, the companies behind the Websites—were told to pay the attackers or suffer the consequences. This method continued as the status quo for six years.

2006 marked the first time a DDoS attack was used for political motives. Hacking group Anonymous used the attacks as a method of protest. Reacting to news of an HIV-positive two-year-old being banned from an Alabama amusement park, the group broke into the virtual social networking site Habbo, which is based on a hotel setting. The group inserted numerous avatars (fake accounts) resembling black men in suits to block the virtual site’s pool, declaring it was “closed due to AIDS.”

Before gunfight erupted between Russia and Georgia, Russian hackers dispersed a DDoS attack in Georgia’s Internet infrastructure, effectively disabling the government’s sites via the unsustainable amount of Web traffic. Bill Woodcock of the nonprofit Internet-traffic tracker Packet Clearing House told The New York Times that due to their low cost and anonymity, DDoS attacks “will almost certainly remain a feature of modern warfare.”

By 2009, more hacking groups begin realizing the effectiveness and ease of DDoS attacks. This year also saw the arrival of “Slowloris,” a strategy aimed at disabling incoming requests. The tools required to create a Slowloris eventually became free, democratizing access to these methods of DDoS attacks.

Iranian reformists disillusioned by the alleged rigging of the election exchanged scripts for launching DDoS attacks against President Mahmoud Ahmadinejad’s Website using social media. Iranians based in the U.K. also reportedly supported the DDoS attacks against Ahmadinejad by providing additional software for launching the attacks, which were successful in taking down the president’s and other government Websites. In a parallel activity, Anonymous, Pirate Bay and the Iranian Green Party launched a site called “Anonymous Iran” to help the protestors better communicate with each other and the outside world.

WikiLeaks, a site which often exposes sensitive government documents, encounters “payback” in the form of DDoS attacks. Government agencies and activist groups who see WikiLeaks as a threat to diplomacy and security use DDoS attacks to shut down the site or freeze accounts and cut off ability for WikiLeaks to receive funding. The payback comes full circle, as those who shut down WikiLeaks themselves became the targets of DDoS attacks by hacktivists defending WikiLeaks.

Sony security teams are distracted trying to defend against coordinated DDoS attacks, leaving no one to see network intrusions were simultaneously causing Sony PlayStation user accounts—101 million of them—to be breached.

Low-Orbit Ion Cannon, or LOIC, was designed to stress-test networks, but once it became freeware, Anonymous popularized its use. It continues to grow, even though it reveals the IP address of the user. It’s rumored that a new version will mask a user’s IP address.

In late 2011, hackers begin to go after bank Websites and corporate networks, including Bank of America, JPMorgan Chase and Citigroup. These attacks escalated in 2012, with Wells Fargo, PNC Bank, and others also becoming victims to DDoS attacks. Attacks continue today, and now U.S. government officials suspect Iranian hacktivists are carrying out many of them.

In April 2013, DDoS attacks hit Mount Gox, suspending Bitcoin’s currency exchange for hours. The influx of attacks on virtual currencies causes industry experts to speculate whether DDoS is being used to cause market volatility—enough to quickly and easily turn a profit for those in control.