While all Internet attacks obviously require a certain level of sophistication, in the world of cyberwarfare the Distributed Denial of Service (DDoS) attack is one of the simplest: ping a target server with more requests than it can handle, so legitimate users can’t get through or the server crashes. It can also be effective, which is why the DDoS has become a common form of cyberattack, now being employed by countries as cyberwarfare gains state sponsorship. Let’s look at some of the more high-profile DDoS attacks in cyberhistory.
Five Dastardly Distributed Denial of Service Attacks
1. Five dastardly Distributed Denial
of Service attacks
While all Internet attacks obviously require a
level of sophistication, in the world of
cyberwarfare the Distributed Denial of
Service (DDoS) attack is one of the simplest:
ping a target with more requests than
it can handle so real users can’t get through.
It can also be effective, which is why DDoS
has become a common form of cyberattack,
now often employed by countries as
cyberwarfare gains state sponsorship.
Let’s look at some of the more high-profile
DDoS attacks in cyberhistory.
Image courtesy of rajcreationzs/ FreeDigitalPhotos.net
By Jeff Jedras
2. Robert Tappan Morris
While he didn’t set out to do harm, Robert
Tappan Morris may have given birth to the
modern computer virus when he unwittingly
released the first computer worm on the world in
1988 while a student at Cornell University.
His stated goal was to gauge the size of the
Internet, but its self-replicating nature caused it
to disrupt target machines, causing millions of
dollars in damages. He inspired the creation of
the U.S. Computer Emergency Response Team
(CERT), and was the first person charged under
the Computer Fraud and Abuse Act.
While not strictly a DDoS attack, it was an early
precursor. He’s now a professor at MIT.
3. Iran a target and a combatant
Iran has been a hotbed of DDoS
attacks. Or at least suspected ones.
In late 2011, Bank of America Corp.,
JPMorgan Chase & Co and Citigroup
were among a group of U.S.
companies to have their web sites
disrupted by attacks – all four are
involved in enforcing U.S. economic
sanctions against Iran.
U.S. government officials pointed to Iran, but Iranian officials denied any
involvement.
Iran has also been a target. During the Iranian student uprising in 2009, protest
groups targeted the web site of Iranian president Mahmoud Ahmadinejad,
causing the government to temporarily shut down the Internet.
4. Who’s bad?
Not all DDoS attacks are
malicious. When Michael Jackson
passed away in 2009, there was a
massive explosion in Internet
searches for information on the
late pop singer. The volume was
so high that search giant Google’s servers became overloaded, and with
millions of searches being conducted, Google thought it was the target of a
DDoS attack.
The symptoms were all there – a massive number of requests pinging Google’s
servers. People searching for Michael Jackson were for a time forced to enter a
captcha to prove their humanity. Eventually, Google put two and two together
and took its DDoS countermeasures offline, declaring a false alarm.
5. Montreal’s MafiaBoy
While MafiaBoy may be Canada’s entry to the DDoS
hall of fame, his exploits were certainly global in
nature.
In 2000, Montreal teenager Michael Calce
launched a DDoS attack against large commercial
sites such as Yahoo, FIFA, Amazon, Dell, E*Trade
and CNN. The costs of the attack were estimated at
$7.5 million, and after a joint FBI/RCMP
investigation, Calce was identified and pleaded guilty
to most of the charges he faced.
He later wrote a book about his experience that
called for greater Internet security, claiming serious
vulnerabilities still exist.
6. Going nuclear: Root nameservers
It would be extremely difficult to pull off, but the
nuclear DDoS attack option would target the 13
Domain Name System root nameserver clusters that
are, essentially, the backbone of the Internet.
A sustained attack that took enough of them offline
could essentially shut down the entire Internet.
However, the system is built with so much
redundancy that the scale required to launch such
an attack would be massive. Some have tried – a
2002 attempt targeted all 13 servers and only lasted
an hour, while another in 2007 caused performance
issues for four servers that were compensated for by
the others – but no serious attempts have been
made.
Image courtesy of twobee/ FreeDigitalPhotos.net