It’s been a while since the world first started hearing about Denial of Service attacks. It was February 2000, and in the space of just one week, major websites like Yahoo!, eBay, CNN, E-Trade, and Amazon were experiencing inexplicable outages that lasted for more than an hour in some cases. And those outages were costing them millions of dollars in lost revenues.
A little investigating, combined with loose lips on the part of the offender, eventually pointed law enforcement to a 15-year-old Canadian high school student going by the handle MafiaBoy.
That was the first time the public and most businesses became aware of the simplicity and power of Denial of Service Attacks. And nearly 15 years later they’re still a very potent threat to businesses of all sizes, with DDoS protection being a necessity for many.
So what is the dreaded DDoS? A Distributed Denial of Service attack usually starts with hackers infecting thousands or even millions of unprotected servers and personal computers and turning them into zombies or bots. All these botted computers combine to create a massive network or botnet of compromised computers that will do whatever the hacker, sometimes called a bot herder, asks them to.
And often that instruction is to start sending requests to the same website for hours on end. The result is that the targeted website can’t handle the huge surge in traffic, legitimate users can’t access the site because it’s too slow, and eventually the site crashes entirely. The damage to sales and reputation can be enormous.
So what’s the goal of the attack? It can be anything from a protest to notoriety for the hackers and even extortion. In the wake of the riots in Ferguson, Missouri in August of this year, local police reported that their website was the target of a DDoS attack, presumably as some kind of protest. Victims of DDoS attacks often report receiving demands from the hackers for a payment to make the attack stop, and it’s estimated that more than one in every ten DDoS attacks is followed by extortion demands.
In August of this year, Sony was the victim of a massive and well-organized DDoS attack that closed down the PlayStation Network and Sony Entertainment Network for nearly 24 hours. And it doesn’t cost much for hackers to do this kind of harm. A few hundred dollars will rent you a couple of thousand bot-controlled computers that you can direct to attack any website. One security company alone claims to be detecting 12 million of these DDoS bots every week.
If you would be interested in learning more about botnets and how they work, check out Zombie Rush – DDoS Botnets on SiteLock’s blog.
And don’t forget, SiteLock provides comprehensive and affordable DDoS protection through our combination of web application firewall and content delivery network.
Google Author: Neal O’Farrell