DDoS: The Reason Why
A DDoS attack is blatantly illegal anywhere, and distressingly common everywhere. In fact, by most analysts’ estimates, it’s getting worse—every online enterprise is worried about this assault, or at least should be.
Of course, some things have changed: The parties involved, the strategies deployed, the technologies used, and particularly the motives behind a given assault. In a sense, the motive shouldn’t matter that much, since putting up a solid defense and initiating recovery operations takes the same level of dedication and resource allocation. However, knowing the motive is actually critical for understanding the threat patterns, and what might be done with the stolen data.
Notoriety: In the earliest days of DDoS attacks, this was the primary motivation. It offered “street cred,” bringing kudos and other benefits, such as partnership in future efforts from hacker collectives. Notoriety is still quite common, but it’s now only one of the motives.
Competitive advantage: Again still quite common, this motive fueled the earliest cloud-based DDoS defense companies and helped many of them get off the ground. In the early days of DDoS attacks, offshore gambling houses would launch DDoS attacks against other gambling houses, often right before a sporting event was about to take place. Since thousands of people were about to place their bets with one gambling house, taking that house offline, resulted in people placing their bets with other gambling houses that were still online. As one can imagine, similar competitive advantage has been observed across many different industries.
Player advantage: This motive fuels the spread of DDoS attacks against online roll-play video gaming sites. Attackers launch DDoS assaults against gaming sites themselves, or attacks against individual players to block their gaming experience. Many universities, cable operators, and ISPs see attacks against their residential networks daily, based solely on players attacking each other using botnets they don’t even own.
Cyber warfare/terrorism: In 2007, Russia was accused of launching a DDoS attack against neighboring Georgia, effectively taking the country offline. In addition, DDoS attacks targeted some of the largest financial houses in the U.S. during operation Ababil. In 2012, in response to a YouTube video that offended many people, a group that called itself Izz ad-Din al-Qassam Cyber Fighters launched a massive barrage against the U.S. financial industry, even taking some of the largest banks offline.
Cyber hacktivism: This one claims a noble purpose, and those involved base their actions on a personal, social, moral, or political agenda rather than profit. One recent example: the attack on carmaker Nissan by a group protesting Japan’s policies on marine life.
Profit: This is, of course, the big one. At its core, it’s simple extortion: The potential attackers send emails asking for money—as little as 40 bitcoins to be deposited in an online account—in order to prevent a DDoS attack. This is a serious threat, and those that pay once are asked for more later. In addition, other groups get in on the act and make their own threats,
Dark DDoS: In this scenario, the perps use DDoS attacks to take attention away from their other insidious activities. These include network and application breaches with data exfiltration. While the victims focus on the unwanted traffic, the criminals get away with what they’re really after.
Again, the reasons for DDoS attacks are broad and complex. As long as they succeed, they’ll keep coming. But there are now high-quality strategies available that take into account not only the motive but also the technologies, sources and other factors to mount a vigorous defense, counter-attack and recover. That’s the only way to prevent this scourge.
About the Author
Edited by Peter Bernstein