Distributed denial-of-service (DDoS) attacks are aimed at making services, networks, and websites unavailable. As such, they are a kind of censorship usually deployed to extort ransom payments or for political means.
The first DDoS tools emerged in the mid-1990s and became popular among activists as a form of protest. Similar to a physical protest outside a government ministry or corporate headquarters, a DDoS attack allows a group of people to generate media attention and block the digital “doors” of their target.
DDoS Attacks and Their Role in Activism
At first, these tools often required people to stay at their computers, even manually refreshing websites to get them to slow down. In the early 2000s, the tools became more automated and sophisticated. For example, some used IP spoofing to make identification of an attack source more difficult or to cause feedback loops that essentially allowed you to trick a service into attacking itself.
The online activist collective Anonymous was infamous for its politically motivated DDoS attacks. For instance, Operation Payback was the coordinated effort to retaliate against DDoS attacks on media-sharing sites. Similarly, DDoS attacks were launched against several large financial institutions after they shut down customers' donations to WikiLeaks.
Whether such attacks should be considered as legitimate demonstrations is widely debated. On one hand, they can be regarded as a form of civil protest, which in some cases may block roads or access to buildings. The two are also alike due to their typically limited time frame. On the other hand, DDoS attacks are also similar to censorship. They deprive people access to information and silence news outlets or blogs. This is especially worrisome because the smaller an outlet or blog, the easier it is to use a DDoS attack to disable a site or company.
Governments have also been caught employing DDoS attacks for political means, as Edward Snowden revealed in 2013. GCHQ, the intelligence arm of the British Government, launched DDoS attacks in 2011 to disrupt chat rooms popular among alleged hackers, who had previously mounted DDoS attacks against government websites.
New DDoS Trends
The trend in this decade is that DDoS attacks are increasingly carried out by botnets rather than a group of individuals. Earlier this month, devices from tens of millions of IP addresses targeted Dyn, a large domain name system (DNS) provider. A DNS acts like a phone book for the Internet, where domain names such as amazon.com are translated into their corresponding IP addresses. During this recent large-scale DDoS attack, Internet users were unable to load dozens of sites that had DNS information stored by Dyn.
Payment methods like Bitcoin have made it easier than ever to anonymously send money across the Internet. On the downside, it has also become easier to monetize botnets to launch attacks by renting them out or using them to extort money. Because a service can easily lose millions of dollars from being offline for even a day, attackers might exploit this by threatening a DDoS attack unless ransom is paid.
Defending Against DDoS Attacks
There is no easy and definite defense against DDoS attacks. Some attacks follow patterns that can be discovered and exploited for defense purposes, such as traffic coming from a certain IP range. However, this often also shuts legitimate users out of the system.
DDoS attacks are generally more difficult to carry out on larger targets. Services like Facebook and Google experience such a high load of requests on a normal day that they are more resilient against attacks.
Google's Project Shield and Cloudflare's Project Galileo both provide free DDoS protection. Services and individuals are increasingly moving toward such large centralized networks for protection. However, this raises concerns because the Internet ought to remain decentralized and not in the hands of a few corporations.
For gamers who fear DDoS attacks on their home network, a virtual private network (VPN) can achieve similar protection that a content delivery network provides for websites. Sadly, free services do not offer the speeds and latencies that paid services do.
If you don’t want to risk inadvertently taking part in a DDoS attack, there are a few steps you can follow. Almost all routers come with a firewall by default, which you should not open up or deactivate. If any of your networked devices require an open port, do research to find out whether the manufacturer is reputable and that the device receives regular updates.
Also of Interest
Arthur Baxter is a network operations analyst at ExpressVPN, a leading privacy advocate whose core mission is to make it easy for everyone to use the Internet with security, privacy, and freedom. It offers more than 100 VPN server locations in 87 countries.
© 2016 Arthur Baxter. This EDUCAUSE Review blog is licensed under Creative Commons BY-NC-SA 4.0.