Recommended
Recommended
More Related Content
Viewers also liked
Viewers also liked (10)
More from JeffJedras
More from JeffJedras (20)
Recently uploaded
Recently uploaded (20)
Five Dastardly Distributed Denial of Service Attacks
- 1. Five dastardly Distributed Denial of Service attacks While all Internet attacks obviously require a level of sophistication, in the world of cyberwarfare the Distributed Denial of Service (DDoS) attack is one of the most simple: ping a target with more requests than it can handle so real users can’t get through. It can also be effective, which is why DDoS has become a common form of cyberattack, now often employed by countries as cyberware gains state-sponsorship. Let’s look at some of the more high-profile DDoS attacks in cyberhistory. Image courtesy of rajcreationzs/ FreeDigitalPhotos.net By Jeff Jedras
- 2. Robert Tappan Morris While he didn’t set out to do harm, Robert Tappan Morris may have given birth to the modern computer virus when he unwittingly released the first computer worm on the world in 1988 while a student at Cornell University. His stated goal was to gauge the size of the Internet, but its self-replicating nature caused it to disrupt target machines, causing millions of dollars in damages. He inspired the creation of the U.S. Computer Emergency Response Team (CERT), and was the first person charged under the Computer Fraud and Abuse Act. While not strictly a DDoS attack, it was an early precursor. He’s now a professor at MIT.
- 3. Iran a target and a combatant Iran has been a hotbed of DDoS attacks. Or at least suspected ones. In late 2011, Bank of America Corp., JPMorgan Chase & Co and Citigroup were among a group of U.S. companies to have their web sites disrupted by attacks – all four are involved in enforcing U.S. economic sanctions against Iran. U.S. government officials pointed to Iran, but Iranian officials denied any involvement. Iran has also been a target. During the Iranian student uprising in 2009, protest groups targeted the web site of Iranian president Mahmoud Ahmadinejad, causing the government to temporarily shut down the Internet.
- 4. Who’s bad? Not all DDoS attacks are malicious. When Michael Jackson passed away in 2009, there was a massive explosion in Internet searches for information on the late pop singer. The volume was so high that search giant Google’s servers became overloaded, and with millions of searches being conducted, Google thought it was the target of a DDoS attack. The symptoms were all there – a massive number of requests pinging Google’s servers. People searching for Michael Jackson were for a time forced to enter a captcha to prove their humanity. Eventually, Google put two and two together and took its DDoS countermeasures offline, declaring a false alarm.
- 5. Montreal’s MafiaBoy While MafiaBay may be Canada’s entry to the DDoS hall of fame, his exploits were certainly global in nature. In 2000, Montreal teenager Michael Calce launched a DDoS attack against large commercial sites such as Yahoo, FIFA, Amazon, Dell, E*Trade and CNN. The costs of the attack were estimated at $7.5 million, and after a joint FBI/RCMP investigation, Calce was identified and plead guilty to most of the charges he faced. He later wrote a book about his experience that called for greater Internet security, claiming serious vulnerabilities still exist.
- 6. Going nuclear: Root nameservers It would be extremely difficult to pull off, but the nuclear DDoS attack option would target the 13 Domain Name System root nameserver clusters that are, essentially, the backbone of the Internet. A sustained attack that took enough of them offline could essentially shut down the entire Internet. However, the system is built with so much redundancy that the scale required to launch such an attack would be massive. Some have tried – a 2002 attempt targeted all 13 servers and only lasted an hour, while another in 2007 caused performance issues for four servers that was compensated for by the others – but no serious attempts have been Image courtesy of twobee/ FreeDigitalPhotos.net made.